Skip to content

fix: security vulnerability CVE-2021-3765 in validator.js#63

Merged
hsluoyz merged 1 commit intoapache:masterfrom
samstefan:master
Apr 29, 2022
Merged

fix: security vulnerability CVE-2021-3765 in validator.js#63
hsluoyz merged 1 commit intoapache:masterfrom
samstefan:master

Conversation

@samstefan
Copy link
Contributor

@samstefan samstefan commented Apr 29, 2022
edited
Loading

This is to fix the security vulnerability CVE-2021-3765 in validator.js < 13.7.0. This was patched in sequelize here sequelize/sequelize@d4f7558

I've also fixed sequelize-typescript at version 2.1.2 as 2.1.3 is not compatible with sequelize 6.10.0 due to this change sequelize/sequelize-typescript#1202. sequelize-typescript 2.1.3 was being installed in the CI due to the --no-lockfile flag passed to yarn.

@samstefan
fix: security vulnerability CVE-2021-3765 in validator.js
922b745 
This is to fix the security vulnerability CVE-2021-3765 in validator.js < 13.7.0

GHSA-qgmg-gppg-76g5

I've also fixed sequelize-typescript at version 2.1.2 as 2.1.3 is not compatible with sequelize 6.10.0 due to this change sequelize/sequelize-typescript#1202
@casbin-bot
Copy link

casbin-bot commented Apr 29, 2022

@Gabriel-403 @Zxilly @kingiw @nodece please review

@samstefan samstefan mentioned this pull request Apr 29, 2022
Closed
@coveralls
Copy link

coveralls commented Apr 29, 2022

Pull Request Test Coverage Report for Build 2244235376

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 86.207%
Totals Coverage Status
Change from base Build 1040681555: 0.0%
Covered Lines: 100
Relevant Lines: 108
💛 - Coveralls

@hsluoyz hsluoyz merged commit ccf15eb into apache:master Apr 29, 2022
@github-actions
Copy link

github-actions bot commented Apr 29, 2022

🎉 This PR is included in version 2.3.2 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Gabriel-403 Gabriel-403 Awaiting requested review from Gabriel-403

@kingiw kingiw Awaiting requested review from kingiw

@nodece nodece Awaiting requested review from nodece

Assignees

No one assigned

Labels

released

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@samstefan @casbin-bot @coveralls @hsluoyz