[Backport 1.3] [CVE-2021-3765][1.x] bump validator from 8.2.0 to 13.9…

….0 (#3753) * [CVE-2021-3765][1.x] bump validator from 8.2.0 to 13.9.0 (#3725) validator.js prior to 13.7.0 is vulnerable to Inefficient Regular Expression Complexity. 1.x is using "validator@8.2.0". Main has been bumped to 13.7.0 via PR #1106. The solution is to backport it on 1.x. Backport PR: #1106 Issue Resolved: #1063 Signed-off-by: Anan Zhuang <ananzh@amazon.com> Co-authored-by: Josh Romero <rmerqg@amazon.com> (cherry picked from commit 53ae3cf) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> # Conflicts: # CHANGELOG.md * add changelog Signed-off-by: Josh Romero <rmerqg@amazon.com> --------- Signed-off-by: Josh Romero <rmerqg@amazon.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Josh Romero <rmerqg@amazon.com> Co-authored-by: Anan Zhuang <ananzh@amazon.com>
opensearch-project · Apr 11, 2023 · 1c4271e · 1c4271e
1 parent 347f973
commit 1c4271e
Show file tree

Hide file tree

Showing 3 changed files with 148 additions and 96 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -9,6 +9,8 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 
 ### 🛡 Security
 
+- [CVE-2021-3765] Update `@microsoft/api-documenter` and `@microsoft/api-extractor` versions to bump validator from `8.2.0` to `13.9.0` ([#3725](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3725))
+
 ### 📈 Features/Enhancements
 
 ### 🐛 Bug Fixes

diff --git a/package.json b/package.json
@@ -274,8 +274,8 @@
     "@osd/test": "1.0.0",
     "@osd/test-subj-selector": "0.2.1",
     "@osd/utility-types": "1.0.0",
-    "@microsoft/api-documenter": "7.7.2",
-    "@microsoft/api-extractor": "7.7.0",
+    "@microsoft/api-documenter": "^7.13.78",
+    "@microsoft/api-extractor": "^7.19.3",
     "@percy/agent": "^0.28.6",
     "@testing-library/dom": "^7.24.2",
     "@testing-library/jest-dom": "^5.11.4",