fix(oas): update memoizee(vulnerability) (#876)
| 🚥 Resolves |
| :------------------- |

## 🧰 Changes

Memoize had a vulnerability and was fixed with v0.4.16.
medikoo/memoizee#133

```
┌─────────────────────┬────────────────────────────────────────────────────────┐
│ low                 │ es5-ext vulnerable to Regular Expression Denial of     │
│                     │ Service in `function#copy` and                         │
│                     │ `function#toStringTokens`                              │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Package             │ es5-ext                                                │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Vulnerable versions │ >=0.10.0 <0.10.63                                      │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Patched versions    │ >=0.10.63                                              │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Paths               │ . > @kubb/[email protected] > @kubb/[email protected] >       │
│                     │ [email protected] > [email protected] > [email protected] >               │
│                     │ [email protected] > [email protected] > [email protected] │
│                     │                                                        │
│                     │ . > @kubb/[email protected] > @kubb/[email protected] >       │
│                     │ [email protected] > [email protected] > [email protected] >       │
│                     │ [email protected] > [email protected] > [email protected]         │
│                     │                                                        │
│                     │ . > @kubb/[email protected] > @kubb/[email protected] >       │
│                     │ [email protected] > [email protected] > [email protected] >       │
│                     │ [email protected] > [email protected]                   │
│                     │                                                        │
│                     │ ... Found 54 paths, run `pnpm why es5-ext` for more    │
│                     │ information                                            │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ More info           │ GHSA-4gmj-3p3h-gm8h      │
└─────────────────────┴────────────────────────────────────────────────────────┘
```
It is linked to kubb-labs/kubb#1014.
stijnvanhulle authored May 30, 2024
1 parent 82056dc commit f434919
Showing 2 changed files with 10 additions and 7 deletions.
15 changes: 9 additions & 6 deletions package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion packages/oas/package.json
Expand Up @@ -93,7 +93,7 @@
"json-schema-merge-allof": "^0.8.1",
"jsonpath-plus": "^8.0.0",
"jsonpointer": "^5.0.0",
"memoizee": "^0.4.14",
"memoizee": "^0.4.16",
"oas-normalize": "file:../oas-normalize",
"openapi-types": "^12.1.1",
"path-to-regexp": "^6.2.2",
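Review bot: The `memoizee` bump to `^0.4.16` only raises the floor of a direct dependency, while the advisory quoted in the commit message is against the transitive `es5-ext` (vulnerable `>=0.10.0 <0.10.63`), so this line alone does not show that the vulnerable range is gone. The `package-lock.json` diff is not rendered, so please confirm the lockfile now resolves `es5-ext` to 0.10.63 or later, and re-run the audit (the output suggests `pnpm why es5-ext`) in the downstream kubb workspace after release to check that all 54 reported paths are cleared.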
