Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Backport 1.3] [CVE-2021-3765][1.x] bump validator from 8.2.0 to 13.9.0 #3753

Merged
merged 3 commits into from
Apr 11, 2023
Merged

[Backport 1.3] [CVE-2021-3765][1.x] bump validator from 8.2.0 to 13.9.0 #3753

merged 3 commits into from
Apr 11, 2023

Commits on Mar 31, 2023

  1. [CVE-2021-3765][1.x] bump validator from 8.2.0 to 13.9.0 (#3725) 

    validator.js prior to 13.7.0 is vulnerable to Inefficient
Regular Expression Complexity. 1.x is using "validator@8.2.0".
Main has been bumped to 13.7.0 via PR #1106.
The solution is to backport it on 1.x.

Backport PR:
#1106

Issue Resolved:
#1063

Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Co-authored-by: Josh Romero <rmerqg@amazon.com>
(cherry picked from commit 53ae3cf)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

# Conflicts:
#	CHANGELOG.md
    @github-actions
    github-actions[bot] committed Mar 31, 2023
    Configuration menu
    Copy the full SHA
    82f1ac9 View commit details
    Browse the repository at this point in the history

Commits on Apr 5, 2023

  1. add changelog 

    Signed-off-by: Josh Romero <rmerqg@amazon.com>
    @joshuarrrr
    joshuarrrr committed Apr 5, 2023
    Configuration menu
    Copy the full SHA
    e34786b View commit details
    Browse the repository at this point in the history

Commits on Apr 10, 2023

  1. Merge branch '1.3' into backport/backport-3725-to-1.3

    @ananzh
    ananzh authored Apr 10, 2023
    Configuration menu
    Copy the full SHA
    4cf800e View commit details
    Browse the repository at this point in the history