Skip to content

Commit

Permalink
fix: security vulnerability CVE-2021-3765 in validator.js
Browse files Browse the repository at this point in the history
This is to fix the security vulnerability CVE-2021-3765 in validator.js < 13.7.0

GHSA-qgmg-gppg-76g5

I've also fixed sequelize-typescript at version 2.1.2 as 2.1.3 is not compatible with sequelize 6.10.0 due to this change sequelize/sequelize-typescript#1202
  • Loading branch information
samstefan committed Apr 29, 2022
1 parent 6eef10d commit 922b745
Show file tree
Hide file tree
Showing 2 changed files with 59 additions and 42 deletions.
12 changes: 6 additions & 6 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -21,28 +21,28 @@
"@types/validator": "^13.1.3",
"@typescript-eslint/eslint-plugin": "^3.1.0",
"@typescript-eslint/parser": "^3.1.0",
"casbin": "<=5.9.0 || >5.9.1",
"coveralls": "^3.1.0",
"npm-run-all": "^4.1.5",
"rimraf": "^3.0.2",
"eslint": "^7.2.0",
"eslint-config-prettier": "^6.11.0",
"husky": "^4.2.5",
"jest": "^26.0.1",
"lint-staged": "^10.2.9",
"mysql2": "^2.1.0",
"npm-run-all": "^4.1.5",
"prettier": "^2.0.5",
"rimraf": "^3.0.2",
"ts-jest": "^26.1.0",
"tslint": "^6.1.2",
"typescript": "^3.9.5",
"casbin": "<=5.9.0 || >5.9.1"
"typescript": "^3.9.5"
},
"peerDependencies": {
"casbin": "<=5.9.0 || >5.9.1"
},
"dependencies": {
"reflect-metadata": "^0.1.13",
"sequelize": "6.6.2",
"sequelize-typescript": "^2.1.0"
"sequelize": "6.10.0",
"sequelize-typescript": "2.1.2"
},
"files": [
"lib",
Expand Down
89 changes: 53 additions & 36 deletions yarn.lock
Original file line number Diff line number Diff line change
Expand Up @@ -1137,16 +1137,15 @@ capture-exit@^2.0.0:
dependencies:
rsvp "^4.8.4"

casbin@^5.0.3:
version "5.6.0"
resolved "https://registry.npmjs.org/casbin/-/casbin-5.6.0.tgz#5bee4a23f60cda00c0748773163283a8efebe470"
integrity sha512-HfahsZgDSnYqT1MjTrYNtH4ll94sfMcZgrNZB5d3vwfffEYgdaPj8POSja9xMrB03APAtSkxh1fx63aELaoZFg==
"casbin@<=5.9.0 || >5.9.1":
version "5.15.1"
resolved "https://registry.yarnpkg.com/casbin/-/casbin-5.15.1.tgz#c46945eb0390737fcdee3bbd38a895b63c95782a"
integrity sha512-QkoJxel+kowIIwlIM1+zi7sCKmanyaYPevlOLmzSLE3CzWX6EZxNHIkTRkeOkYY7WDDaagOzJVz/1NcyyOsOxA==
dependencies:
await-lock "^2.0.1"
csv-parse "^4.15.3"
expression-eval "^2.0.0"
ip "^1.1.5"
micromatch "^4.0.2"
expression-eval "^4.0.0"
picomatch "^2.2.3"

caseless@~0.12.0:
version "0.12.0"
Expand Down Expand Up @@ -1813,10 +1812,10 @@ expect@^26.6.2:
jest-message-util "^26.6.2"
jest-regex-util "^26.0.0"

expression-eval@^2.0.0:
version "2.1.0"
resolved "https://registry.npmjs.org/expression-eval/-/expression-eval-2.1.0.tgz#422915caa46140a7c5b5f248650dea8bf8236e62"
integrity sha512-FUJO/Akvl/JOWkvlqZaqbkhsEWlCJWDeZG4tzX96UH68D9FeRgYgtb55C2qtqbORC0Q6x5419EDjWu4IT9kQfg==
expression-eval@^4.0.0:
version "4.0.0"
resolved "https://registry.yarnpkg.com/expression-eval/-/expression-eval-4.0.0.tgz#d6a07c93e8b33e635710419d4a595d9208b9cc5e"
integrity sha512-YHSnLTyIb9IKaho2IdQbvlei/pElxnGm48UgaXJ1Fe5au95Ck0R9ftm6rHJQuKw3FguZZ4eXVllJFFFc7LX0WQ==
dependencies:
jsep "^0.3.0"

Expand Down Expand Up @@ -2073,7 +2072,19 @@ glob-parent@^5.0.0:
dependencies:
is-glob "^4.0.1"

[email protected], glob@^7.1.1, glob@^7.1.2, glob@^7.1.3, glob@^7.1.4, glob@^7.1.6:
[email protected]:
version "7.2.0"
resolved "https://registry.yarnpkg.com/glob/-/glob-7.2.0.tgz#d15535af7732e02e948f4c41628bd910293f6023"
integrity sha512-lmLf6gtyrPq8tTjSmrO94wBeQbFR3HbLHbuyD69wuyQkImp2hWqMGB47OX65FBkPffO641IP9jWa1z4ivqG26Q==
dependencies:
fs.realpath "^1.0.0"
inflight "^1.0.4"
inherits "2"
minimatch "^3.0.4"
once "^1.3.0"
path-is-absolute "^1.0.0"

glob@^7.1.1, glob@^7.1.2, glob@^7.1.3, glob@^7.1.4, glob@^7.1.6:
version "7.1.6"
resolved "https://registry.npmjs.org/glob/-/glob-7.1.6.tgz#141f33b81a7c2492e125594307480c46679278a6"
integrity sha512-LwaxwyZ72Lk7vZINtNNrywX0ZuLyStrdDtabefZKAY5ZGJhVtgdznluResxNmPitE0SAO+O26sWTHeKSI2wMBA==
Expand Down Expand Up @@ -2277,10 +2288,10 @@ indent-string@^4.0.0:
resolved "https://registry.npmjs.org/indent-string/-/indent-string-4.0.0.tgz#624f8f4497d619b2d9768531d58f4122854d7251"
integrity sha512-EdDDZu4A2OyIK7Lr/2zG+w5jmbuk1DVBnEwREQvBzspBJkCEbRa8GxU1lghYcaGJCnRWibjDXlq779X1/y5xwg==

inflection@1.12.0:
version "1.12.0"
resolved "https://registry.npmjs.org/inflection/-/inflection-1.12.0.tgz#a200935656d6f5f6bc4dc7502e1aecb703228416"
integrity sha1-ogCTVlbW9fa8TcdQLhrstwMihBY=
inflection@1.13.1:
version "1.13.1"
resolved "https://registry.yarnpkg.com/inflection/-/inflection-1.13.1.tgz#c5cadd80888a90cf84c2e96e340d7edc85d5f0cb"
integrity sha512-dldYtl2WlN0QDkIDtg8+xFwOS2Tbmp12t1cHa5/YClU6ZQjTFm7B66UcVbh9NQB+HvT5BAd2t5+yKsBkw5pcqA==

inflight@^1.0.4:
version "1.0.6"
Expand All @@ -2295,11 +2306,6 @@ inherits@2:
resolved "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz#0fa2c64f932917c3433a0ded55363aae37416b7c"
integrity sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==

ip@^1.1.5:
version "1.1.5"
resolved "https://registry.npmjs.org/ip/-/ip-1.1.5.tgz#bdded70114290828c0a039e72ef25f5aaec4354a"
integrity sha1-vd7XARQpCCjAoDnnLvJfWq7ENUo=

is-accessor-descriptor@^0.1.6:
version "0.1.6"
resolved "https://registry.npmjs.org/is-accessor-descriptor/-/is-accessor-descriptor-0.1.6.tgz#a9e12cb3ae8d876727eeef3843f8a0897b5c98d6"
Expand Down Expand Up @@ -3776,11 +3782,21 @@ performance-now@^2.1.0:
resolved "https://registry.npmjs.org/performance-now/-/performance-now-2.1.0.tgz#6309f4e0e5fa913ec1c69307ae364b4b377c9e7b"
integrity sha1-Ywn04OX6kT7BxpMHrjZLSzd8nns=

pg-connection-string@^2.5.0:
version "2.5.0"
resolved "https://registry.yarnpkg.com/pg-connection-string/-/pg-connection-string-2.5.0.tgz#538cadd0f7e603fc09a12590f3b8a452c2c0cf34"
integrity sha512-r5o/V/ORTA6TmUnyWZR9nCj1klXCO2CEKNRlVuJptZe85QuhFayC7WeMic7ndayT5IRIR0S0xFxFi2ousartlQ==

picomatch@^2.0.4, picomatch@^2.0.5:
version "2.2.2"
resolved "https://registry.npmjs.org/picomatch/-/picomatch-2.2.2.tgz#21f333e9b6b8eaff02468f5146ea406d345f4dad"
integrity sha512-q0M/9eZHzmr0AulXyPwNfZjtwZ/RBZlbN3K3CErVrk50T2ASYI7Bye0EvekFY3IP1Nt2DHu0re+V2ZHIpMkuWg==

picomatch@^2.2.3:
version "2.3.1"
resolved "https://registry.yarnpkg.com/picomatch/-/picomatch-2.3.1.tgz#3ba3833733646d9d3e4995946c1365a67fb07a42"
integrity sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==

pidtree@^0.3.0:
version "0.3.1"
resolved "https://registry.npmjs.org/pidtree/-/pidtree-0.3.1.tgz#ef09ac2cc0533df1f3250ccf2c4d366b0d12114a"
Expand Down Expand Up @@ -4178,30 +4194,31 @@ sequelize-pool@^6.0.0:
resolved "https://registry.npmjs.org/sequelize-pool/-/sequelize-pool-6.1.0.tgz#caaa0c1e324d3c2c3a399fed2c7998970925d668"
integrity sha512-4YwEw3ZgK/tY/so+GfnSgXkdwIJJ1I32uZJztIEgZeAO6HMgj64OzySbWLgxj+tXhZCJnzRfkY9gINw8Ft8ZMg==

sequelize-typescript@^2.1.0:
version "2.1.0"
resolved "https://registry.npmjs.org/sequelize-typescript/-/sequelize-typescript-2.1.0.tgz#7d42dac368f32829a736acc4f0c9f3b79fc089bb"
integrity sha512-wwPxydBQ/wIZ92pFxDQEAhW8uRHqwFZGm6JkPmpsCjrODWrH8TANZiOCjwGouygFMgBwCNK91RNwLe5TYoy5pg==
[email protected].2:
version "2.1.2"
resolved "https://registry.yarnpkg.com/sequelize-typescript/-/sequelize-typescript-2.1.2.tgz#fcc2d3263ccc622710328c278f83e89f632a6d5a"
integrity sha512-+vhugJk1LLq5EVeLWi/UrkpGLrJGVD0R3UpEGHYouf6qeLRBL1V7QCIZr0pHZA57+nJPoK4PPTD+sGHS11uvvw==
dependencies:
glob "7.1.6"
glob "7.2.0"

sequelize@^6.6.2:
version "6.6.2"
resolved "https://registry.npmjs.org/sequelize/-/sequelize-6.6.2.tgz#3681b0a4aeb106e31079d3a537d88542051dab2e"
integrity sha512-H/zrzmTK+tis9PJaSigkuXI57nKBvNCtPQol0yxCvau1iWLzSOuq8t3tMOVeQ+Ep8QH2HoD9/+FCCIAqzUr/BQ==
sequelize@6.10.0:
version "6.10.0"
resolved "https://registry.yarnpkg.com/sequelize/-/sequelize-6.10.0.tgz#570307a35d9c9837148834af3f6948f683b5ff2c"
integrity sha512-vqKcteQZFSh+LkEBGWMZLwnE609FXTFFuyD7plJNlm8wPi3XQJ7ciUyVTC/3F+uxVHeyB2VSP9qz1ws7YqsqNw==
dependencies:
debug "^4.1.1"
dottie "^2.0.0"
inflection "1.12.0"
inflection "1.13.1"
lodash "^4.17.20"
moment "^2.26.0"
moment-timezone "^0.5.31"
pg-connection-string "^2.5.0"
retry-as-promised "^3.2.0"
semver "^7.3.2"
sequelize-pool "^6.0.0"
toposort-class "^1.0.1"
uuid "^8.1.0"
validator "^10.11.0"
validator "^13.7.0"
wkx "^0.5.0"

set-blocking@^2.0.0:
Expand Down Expand Up @@ -4865,10 +4882,10 @@ validate-npm-package-license@^3.0.1:
spdx-correct "^3.0.0"
spdx-expression-parse "^3.0.0"

validator@^10.11.0:
version "10.11.0"
resolved "https://registry.npmjs.org/validator/-/validator-10.11.0.tgz#003108ea6e9a9874d31ccc9e5006856ccd76b228"
integrity sha512-X/p3UZerAIsbBfN/IwahhYaBbY68EN/UQBWHtsbXGT5bfrH/p4NQzUCG1kF/rtKaNpnJ7jAu6NGTdSNtyNIXMw==
validator@^13.7.0:
version "13.7.0"
resolved "https://registry.yarnpkg.com/validator/-/validator-13.7.0.tgz#4f9658ba13ba8f3d82ee881d3516489ea85c0857"
integrity sha512-nYXQLCBkpJ8X6ltALua9dRrZDHVYxjJ1wgskNt1lH9fzGjs3tgojGSCBjmEPwkWS1y29+DrizMTW19Pr9uB2nw==

[email protected]:
version "1.10.0"
Expand Down

0 comments on commit 922b745

Please sign in to comment.