[CVE-2021-3765][1.x] bump validator from 8.2.0 to 13.9.0 #3725
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ananzh
changed the title
ananzh
force-pushed
the
1.x-bump-validator
branch
2 times, most recently
from
a01e636
to
9e88d0d
Compare
ananzh
added
cve
joshuarrrr
reviewed
Mar 29, 2023
CHANGELOG.md
Outdated
| @@ -8,6 +8,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) | |||
| ### Deprecations | |||
|
|
|||
| ### 🛡 Security | |||
| - [CVE-2021-3765] bump validator from 8.2.0 to 13.9.0 ([#3725](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3725)) | |||
There was a problem hiding this comment.
I think this description is slightly misleading given the actual package.json change:
Suggested change
| - [CVE-2021-3765] bump validator from 8.2.0 to 13.9.0 ([#3725](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3725)) | |
| - [CVE-2021-3765] Update @microsoft/api-documenter and @microsoft/api-extractor versions to bump validator from 8.2.0 to 13.9.0 ([#3725](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3725)) |
Codecov Report
📣 This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more @@ Coverage Diff @@
## 1.x #3725 +/- ##
=======================================
Coverage 67.45% 67.46%
=======================================
Files 3044 3044
Lines 58692 58692
Branches 8902 8902
=======================================
+ Hits 39593 39595 +2
+ Misses 16946 16945 -1
+ Partials 2153 2152 -1
Flags with carried forward coverage won't be shown. Click here to find out more. see 1 file with indirect coverage changes Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. |
ananzh
force-pushed
the
1.x-bump-validator
branch
2 times, most recently
from
89799fb
to
0697270
Compare
validator.js prior to 13.7.0 is vulnerable to Inefficient Regular Expression Complexity. 1.x is using "validator@8.2.0". Main has been bumped to 13.7.0 via PR opensearch-project#1106. The solution is to backport it on 1.x. Backport PR: opensearch-project#1106 Issue Resolved: opensearch-project#1063 Signed-off-by: Anan Zhuang <ananzh@amazon.com>
ananzh
force-pushed
the
1.x-bump-validator
branch
from
0697270
to
7b6f59a
Compare
joshuarrrr
approved these changes
Mar 31, 2023
ashwin-pc
approved these changes
Mar 31, 2023
opensearch-trigger-bot bot
pushed a commit
that referenced
this pull request
Mar 31, 2023
validator.js prior to 13.7.0 is vulnerable to Inefficient Regular Expression Complexity. 1.x is using "validator@8.2.0". Main has been bumped to 13.7.0 via PR #1106. The solution is to backport it on 1.x. Backport PR: #1106 Issue Resolved: #1063 Signed-off-by: Anan Zhuang <ananzh@amazon.com> Co-authored-by: Josh Romero <rmerqg@amazon.com> (cherry picked from commit 53ae3cf) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> # Conflicts: # CHANGELOG.md
ananzh
added a commit
to ananzh/OpenSearch-Dashboards
that referenced
this pull request
Apr 3, 2023
…project#3725) validator.js prior to 13.7.0 is vulnerable to Inefficient Regular Expression Complexity. 1.x is using "validator@8.2.0". Main has been bumped to 13.7.0 via PR opensearch-project#1106. The solution is to backport it on 1.x. Backport PR: opensearch-project#1106 Issue Resolved: opensearch-project#1063 Signed-off-by: Anan Zhuang <ananzh@amazon.com> Co-authored-by: Josh Romero <rmerqg@amazon.com>
joshuarrrr
added a commit
that referenced
this pull request
Apr 11, 2023
….0 (#3753) * [CVE-2021-3765][1.x] bump validator from 8.2.0 to 13.9.0 (#3725) validator.js prior to 13.7.0 is vulnerable to Inefficient Regular Expression Complexity. 1.x is using "validator@8.2.0". Main has been bumped to 13.7.0 via PR #1106. The solution is to backport it on 1.x. Backport PR: #1106 Issue Resolved: #1063 Signed-off-by: Anan Zhuang <ananzh@amazon.com> Co-authored-by: Josh Romero <rmerqg@amazon.com> (cherry picked from commit 53ae3cf) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> # Conflicts: # CHANGELOG.md * add changelog Signed-off-by: Josh Romero <rmerqg@amazon.com> --------- Signed-off-by: Josh Romero <rmerqg@amazon.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Josh Romero <rmerqg@amazon.com> Co-authored-by: Anan Zhuang <ananzh@amazon.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
validator.js prior to 13.7.0 is vulnerable to Inefficient Regular Expression Complexity. 1.x is using "validator@8.2.0".
Main has been bumped to 13.7.0 via PR #1106.
The solution is to backport it on 1.x.
Backport PR
#1106
Issue Resolved
#1063
Check List
yarn test:jestyarn test:jest_integrationyarn test:ftr