Resolves ansi-regex to v5.0.1 #1320

Merged 1 commit on Mar 14, 2022

@tmarkley commented Mar 4, 2022

Not sure how, but I botched the other PR #1314. git kept telling me I didn't have permissions to update it after it let me rebase Tengda's branch without the new commit, so here we are.

Description

  • Addresses known Inefficient Regular Expression Complexity CVE in ansi-regex < 5.0.1: CVE-2021-3807
  • webpack-dev-server has a downstream dependency on ansi-regex v6.0.1 but it's still compatible with v5.0.1.

Signed-off-by: Tengda He <tengh@amazon.com>

Issues Resolved

Resolves #1084

Check List

  • New functionality includes testing.
    • All tests pass
      • yarn test:jest
      • yarn test:jest_integration
      • yarn test:ftr
  • New functionality has been documented.
  • Commits are signed per the DCO using --signoff

* Addresses known Inefficient Regular Expression Complexity CVE
  in `ansi-regex` < 5.0.1: CVE-2021-3807
* `webpack-dev-server` has a downstream dependency on
  `ansi-regex` v6.0.1 but it's still compatible with v5.0.1.

Resolves opensearch-project#1084

Signed-off-by: Tengda He <tengh@amazon.com>

@tmarkley added the dependencies (Pull requests that update a dependency file) and v2.0.0 labels Mar 4, 2022
@tmarkley requested a review from a team as a code owner March 4, 2022 22:13
@tmarkley merged commit 15e4bc2 into opensearch-project:main Mar 14, 2022
@tmarkley added the cve (Security vulnerabilities detected by Dependabot or Mend) label Mar 16, 2022
@tmarkley deleted the Tengda-He/main branch March 25, 2022 19:43
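
One way to confirm that a pin like the one described in this pull request has taken effect is to scan the lockfile for any remaining `ansi-regex` entry below 5.0.1. The following is an added example, not code from this pull request or the project; it assumes a yarn v1 `yarn.lock`, uses the `< 5.0.1` range stated in the description, and the function names and sample lockfile text are constructed for illustration.

```javascript
// MIN_VERSION follows the range stated in the PR description (ansi-regex < 5.0.1).
const MIN_VERSION = '5.0.1';

// Numeric compare of plain x.y.z versions: negative, zero or positive.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number), pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Return [{ ranges, version }] for every lockfile entry belonging to `pkg`.
function resolvedVersions(lockText, pkg) {
  const found = [];
  let current = null;
  for (const line of lockText.split(/\r?\n/)) {
    if (/^\S.*:$/.test(line)) {
      // Entry header such as: ansi-regex@^3.0.0, "ansi-regex@^4.1.0":
      const ranges = line.slice(0, -1).split(',')
        .map((s) => s.trim().replace(/^"|"$/g, ''))
        .filter((d) => d.slice(0, d.lastIndexOf('@')) === pkg);
      current = ranges.length ? { ranges, version: null } : null;
    } else if (current) {
      // Nested dependency lines are indented deeper and never match here.
      const m = /^  version "([^"]+)"$/.exec(line);
      if (m) { current.version = m[1]; found.push(current); current = null; }
    }
  }
  return found;
}

// Entries still resolving below the floor; empty once the pin has taken effect.
function findVulnerable(lockText, pkg = 'ansi-regex', min = MIN_VERSION) {
  return resolvedVersions(lockText, pkg).filter((e) => compareVersions(e.version, min) < 0);
}

// Constructed sample lockfiles (not taken from the repository).
const BEFORE = `ansi-regex@^3.0.0:
  version "3.0.0"
ansi-regex@^4.1.0:
  version "4.1.0"
strip-ansi@^5.2.0:
  version "5.2.0"
  dependencies:
    ansi-regex "^4.1.0"
`;
const AFTER = `ansi-regex@^3.0.0, ansi-regex@^4.1.0, ansi-regex@^5.0.1:
  version "5.0.1"
`;
```

Running `findVulnerable` over the real `yarn.lock` in CI and failing the build on a non-empty result catches a later dependency update that reintroduces an older copy.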
Successfully merging this pull request may close these issues.

CVE-2021-3807 (High) detected in ansi-regex-3.0.0.tgz, ansi-regex-4.1.0.tgz