
Commit ccf15eb

author
Sam Stefan
authored
fix: security vulnerability CVE-2021-3765 in validator.js (#63)
This fixes the security vulnerability CVE-2021-3765 in validator.js < 13.7.0 (GHSA-qgmg-gppg-76g5). I've also pinned sequelize-typescript at version 2.1.2, as 2.1.3 is not compatible with sequelize 6.10.0 due to this change: sequelize/sequelize-typescript#1202
1 parent 6eef10d commit ccf15eb

2 files changed

Lines changed: 59 additions & 42 deletions


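--- a/package.json
+++ b/package.json
@@ -21,28 +21,28 @@
 "@types/validator": "^13.1.3",
 "@typescript-eslint/eslint-plugin": "^3.1.0",
 "@typescript-eslint/parser": "^3.1.0",
+"casbin": "<=5.9.0 || >5.9.1",
 "coveralls": "^3.1.0",
-"npm-run-all": "^4.1.5",
-"rimraf": "^3.0.2",
 "eslint": "^7.2.0",
 "eslint-config-prettier": "^6.11.0",
 "husky": "^4.2.5",
 "jest": "^26.0.1",
 "lint-staged": "^10.2.9",
 "mysql2": "^2.1.0",
+"npm-run-all": "^4.1.5",
 "prettier": "^2.0.5",
+"rimraf": "^3.0.2",
 "ts-jest": "^26.1.0",
 "tslint": "^6.1.2",
-"typescript": "^3.9.5",
-"casbin": "<=5.9.0 || >5.9.1"
+"typescript": "^3.9.5"
 },
 "peerDependencies": {
 "casbin": "<=5.9.0 || >5.9.1"
 },
 "dependencies": {
 "reflect-metadata": "^0.1.13",
-"sequelize": "6.6.2",
-"sequelize-typescript": "^2.1.0"
+"sequelize": "6.10.0",
+"sequelize-typescript": "2.1.2"
 },
 "files": [
 "lib",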

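--- a/yarn.lock
+++ b/yarn.lock
@@ -1137,16 +1137,15 @@ capture-exit@^2.0.0:
 dependencies:
 rsvp "^4.8.4"
 
-casbin@^5.0.3:
-version "5.6.0"
-resolved "https://registry.npmjs.org/casbin/-/casbin-5.6.0.tgz#5bee4a23f60cda00c0748773163283a8efebe470"
-integrity sha512-HfahsZgDSnYqT1MjTrYNtH4ll94sfMcZgrNZB5d3vwfffEYgdaPj8POSja9xMrB03APAtSkxh1fx63aELaoZFg==
+"casbin@<=5.9.0 || >5.9.1":
+version "5.15.1"
+resolved "https://registry.yarnpkg.com/casbin/-/casbin-5.15.1.tgz#c46945eb0390737fcdee3bbd38a895b63c95782a"
+integrity sha512-QkoJxel+kowIIwlIM1+zi7sCKmanyaYPevlOLmzSLE3CzWX6EZxNHIkTRkeOkYY7WDDaagOzJVz/1NcyyOsOxA==
 dependencies:
 await-lock "^2.0.1"
 csv-parse "^4.15.3"
-expression-eval "^2.0.0"
-ip "^1.1.5"
-micromatch "^4.0.2"
+expression-eval "^4.0.0"
+picomatch "^2.2.3"
 
 caseless@~0.12.0:
 version "0.12.0"
@@ -1813,10 +1812,10 @@ expect@^26.6.2:
 jest-message-util "^26.6.2"
 jest-regex-util "^26.0.0"
 
-expression-eval@^2.0.0:
-version "2.1.0"
-resolved "https://registry.npmjs.org/expression-eval/-/expression-eval-2.1.0.tgz#422915caa46140a7c5b5f248650dea8bf8236e62"
-integrity sha512-FUJO/Akvl/JOWkvlqZaqbkhsEWlCJWDeZG4tzX96UH68D9FeRgYgtb55C2qtqbORC0Q6x5419EDjWu4IT9kQfg==
+expression-eval@^4.0.0:
+version "4.0.0"
+resolved "https://registry.yarnpkg.com/expression-eval/-/expression-eval-4.0.0.tgz#d6a07c93e8b33e635710419d4a595d9208b9cc5e"
+integrity sha512-YHSnLTyIb9IKaho2IdQbvlei/pElxnGm48UgaXJ1Fe5au95Ck0R9ftm6rHJQuKw3FguZZ4eXVllJFFFc7LX0WQ==
 dependencies:
 jsep "^0.3.0"
 
@@ -2073,7 +2072,19 @@ glob-parent@^5.0.0:
 dependencies:
 is-glob "^4.0.1"
 
-[email protected], glob@^7.1.1, glob@^7.1.2, glob@^7.1.3, glob@^7.1.4, glob@^7.1.6:
+
+version "7.2.0"
+resolved "https://registry.yarnpkg.com/glob/-/glob-7.2.0.tgz#d15535af7732e02e948f4c41628bd910293f6023"
+integrity sha512-lmLf6gtyrPq8tTjSmrO94wBeQbFR3HbLHbuyD69wuyQkImp2hWqMGB47OX65FBkPffO641IP9jWa1z4ivqG26Q==
+dependencies:
+fs.realpath "^1.0.0"
+inflight "^1.0.4"
+inherits "2"
+minimatch "^3.0.4"
+once "^1.3.0"
+path-is-absolute "^1.0.0"
+
+glob@^7.1.1, glob@^7.1.2, glob@^7.1.3, glob@^7.1.4, glob@^7.1.6:
 version "7.1.6"
 resolved "https://registry.npmjs.org/glob/-/glob-7.1.6.tgz#141f33b81a7c2492e125594307480c46679278a6"
 integrity sha512-LwaxwyZ72Lk7vZINtNNrywX0ZuLyStrdDtabefZKAY5ZGJhVtgdznluResxNmPitE0SAO+O26sWTHeKSI2wMBA==
@@ -2277,10 +2288,10 @@ indent-string@^4.0.0:
 resolved "https://registry.npmjs.org/indent-string/-/indent-string-4.0.0.tgz#624f8f4497d619b2d9768531d58f4122854d7251"
 integrity sha512-EdDDZu4A2OyIK7Lr/2zG+w5jmbuk1DVBnEwREQvBzspBJkCEbRa8GxU1lghYcaGJCnRWibjDXlq779X1/y5xwg==
 
-inflection@1.12.0:
-version "1.12.0"
-resolved "https://registry.npmjs.org/inflection/-/inflection-1.12.0.tgz#a200935656d6f5f6bc4dc7502e1aecb703228416"
-integrity sha1-ogCTVlbW9fa8TcdQLhrstwMihBY=
+inflection@1.13.1:
+version "1.13.1"
+resolved "https://registry.yarnpkg.com/inflection/-/inflection-1.13.1.tgz#c5cadd80888a90cf84c2e96e340d7edc85d5f0cb"
+integrity sha512-dldYtl2WlN0QDkIDtg8+xFwOS2Tbmp12t1cHa5/YClU6ZQjTFm7B66UcVbh9NQB+HvT5BAd2t5+yKsBkw5pcqA==
 
 inflight@^1.0.4:
 version "1.0.6"
@@ -2295,11 +2306,6 @@ inherits@2:
 resolved "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz#0fa2c64f932917c3433a0ded55363aae37416b7c"
 integrity sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==
 
-ip@^1.1.5:
-version "1.1.5"
-resolved "https://registry.npmjs.org/ip/-/ip-1.1.5.tgz#bdded70114290828c0a039e72ef25f5aaec4354a"
-integrity sha1-vd7XARQpCCjAoDnnLvJfWq7ENUo=
-
 is-accessor-descriptor@^0.1.6:
 version "0.1.6"
 resolved "https://registry.npmjs.org/is-accessor-descriptor/-/is-accessor-descriptor-0.1.6.tgz#a9e12cb3ae8d876727eeef3843f8a0897b5c98d6"
@@ -3776,11 +3782,21 @@ performance-now@^2.1.0:
 resolved "https://registry.npmjs.org/performance-now/-/performance-now-2.1.0.tgz#6309f4e0e5fa913ec1c69307ae364b4b377c9e7b"
 integrity sha1-Ywn04OX6kT7BxpMHrjZLSzd8nns=
 
+pg-connection-string@^2.5.0:
+version "2.5.0"
+resolved "https://registry.yarnpkg.com/pg-connection-string/-/pg-connection-string-2.5.0.tgz#538cadd0f7e603fc09a12590f3b8a452c2c0cf34"
+integrity sha512-r5o/V/ORTA6TmUnyWZR9nCj1klXCO2CEKNRlVuJptZe85QuhFayC7WeMic7ndayT5IRIR0S0xFxFi2ousartlQ==
+
 picomatch@^2.0.4, picomatch@^2.0.5:
 version "2.2.2"
 resolved "https://registry.npmjs.org/picomatch/-/picomatch-2.2.2.tgz#21f333e9b6b8eaff02468f5146ea406d345f4dad"
 integrity sha512-q0M/9eZHzmr0AulXyPwNfZjtwZ/RBZlbN3K3CErVrk50T2ASYI7Bye0EvekFY3IP1Nt2DHu0re+V2ZHIpMkuWg==
 
+picomatch@^2.2.3:
+version "2.3.1"
+resolved "https://registry.yarnpkg.com/picomatch/-/picomatch-2.3.1.tgz#3ba3833733646d9d3e4995946c1365a67fb07a42"
+integrity sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==
+
 pidtree@^0.3.0:
 version "0.3.1"
 resolved "https://registry.npmjs.org/pidtree/-/pidtree-0.3.1.tgz#ef09ac2cc0533df1f3250ccf2c4d366b0d12114a"
@@ -4178,30 +4194,31 @@ sequelize-pool@^6.0.0:
 resolved "https://registry.npmjs.org/sequelize-pool/-/sequelize-pool-6.1.0.tgz#caaa0c1e324d3c2c3a399fed2c7998970925d668"
 integrity sha512-4YwEw3ZgK/tY/so+GfnSgXkdwIJJ1I32uZJztIEgZeAO6HMgj64OzySbWLgxj+tXhZCJnzRfkY9gINw8Ft8ZMg==
 
-sequelize-typescript@^2.1.0:
-version "2.1.0"
-resolved "https://registry.npmjs.org/sequelize-typescript/-/sequelize-typescript-2.1.0.tgz#7d42dac368f32829a736acc4f0c9f3b79fc089bb"
-integrity sha512-wwPxydBQ/wIZ92pFxDQEAhW8uRHqwFZGm6JkPmpsCjrODWrH8TANZiOCjwGouygFMgBwCNK91RNwLe5TYoy5pg==
+
+version "2.1.2"
+resolved "https://registry.yarnpkg.com/sequelize-typescript/-/sequelize-typescript-2.1.2.tgz#fcc2d3263ccc622710328c278f83e89f632a6d5a"
+integrity sha512-+vhugJk1LLq5EVeLWi/UrkpGLrJGVD0R3UpEGHYouf6qeLRBL1V7QCIZr0pHZA57+nJPoK4PPTD+sGHS11uvvw==
 dependencies:
-glob "7.1.6"
+glob "7.2.0"
 
-sequelize@^6.6.2:
-version "6.6.2"
-resolved "https://registry.npmjs.org/sequelize/-/sequelize-6.6.2.tgz#3681b0a4aeb106e31079d3a537d88542051dab2e"
-integrity sha512-H/zrzmTK+tis9PJaSigkuXI57nKBvNCtPQol0yxCvau1iWLzSOuq8t3tMOVeQ+Ep8QH2HoD9/+FCCIAqzUr/BQ==
+sequelize@6.10.0:
+version "6.10.0"
+resolved "https://registry.yarnpkg.com/sequelize/-/sequelize-6.10.0.tgz#570307a35d9c9837148834af3f6948f683b5ff2c"
+integrity sha512-vqKcteQZFSh+LkEBGWMZLwnE609FXTFFuyD7plJNlm8wPi3XQJ7ciUyVTC/3F+uxVHeyB2VSP9qz1ws7YqsqNw==
 dependencies:
 debug "^4.1.1"
 dottie "^2.0.0"
-inflection "1.12.0"
+inflection "1.13.1"
 lodash "^4.17.20"
 moment "^2.26.0"
 moment-timezone "^0.5.31"
+pg-connection-string "^2.5.0"
 retry-as-promised "^3.2.0"
 semver "^7.3.2"
 sequelize-pool "^6.0.0"
 toposort-class "^1.0.1"
 uuid "^8.1.0"
-validator "^10.11.0"
+validator "^13.7.0"
 wkx "^0.5.0"
 
 set-blocking@^2.0.0:
@@ -4865,10 +4882,10 @@ validate-npm-package-license@^3.0.1:
 spdx-correct "^3.0.0"
 spdx-expression-parse "^3.0.0"
 
-validator@^10.11.0:
-version "10.11.0"
-resolved "https://registry.npmjs.org/validator/-/validator-10.11.0.tgz#003108ea6e9a9874d31ccc9e5006856ccd76b228"
-integrity sha512-X/p3UZerAIsbBfN/IwahhYaBbY68EN/UQBWHtsbXGT5bfrH/p4NQzUCG1kF/rtKaNpnJ7jAu6NGTdSNtyNIXMw==
+validator@^13.7.0:
+version "13.7.0"
+resolved "https://registry.yarnpkg.com/validator/-/validator-13.7.0.tgz#4f9658ba13ba8f3d82ee881d3516489ea85c0857"
+integrity sha512-nYXQLCBkpJ8X6ltALua9dRrZDHVYxjJ1wgskNt1lH9fzGjs3tgojGSCBjmEPwkWS1y29+DrizMTW19Pr9uB2nw==
 
 
 version "1.10.0"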
