From 8fc20d21cd7861ecc4f034ae82234a05227c2c12 Mon Sep 17 00:00:00 2001 From: rpm-build Date: Thu, 9 Dec 2021 15:48:46 +0100 Subject: [PATCH] deps(ansi-regex): fix potential ReDoS This is the upstream fix [1] applied to all applicable bundled deps. [1]: https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9 Fixes: CVE-2021-3807 Signed-off-by: rpm-build --- .../node_modules/string-width/node_modules/ansi-regex/index.js | 2 +- deps/npm/node_modules/yargs/node_modules/ansi-regex/index.js | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/deps/npm/node_modules/string-width/node_modules/ansi-regex/index.js b/deps/npm/node_modules/string-width/node_modules/ansi-regex/index.js index c4aaecf..7d32201 100644 --- a/deps/npm/node_modules/string-width/node_modules/ansi-regex/index.js +++ b/deps/npm/node_modules/string-width/node_modules/ansi-regex/index.js @@ -2,7 +2,7 @@ module.exports = () => { const pattern = [ - '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:[a-zA-Z\\d]*(?:;[a-zA-Z\\d]*)*)?\\u0007)', + '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]+)*|[a-zA-Z\\d]+(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)', '(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PRZcf-ntqry=><~]))' ].join('|'); diff --git a/deps/npm/node_modules/yargs/node_modules/ansi-regex/index.js b/deps/npm/node_modules/yargs/node_modules/ansi-regex/index.js index c254480..9e37ec3 100644 --- a/deps/npm/node_modules/yargs/node_modules/ansi-regex/index.js +++ b/deps/npm/node_modules/yargs/node_modules/ansi-regex/index.js @@ -6,7 +6,7 @@ module.exports = options => { }, options); const pattern = [ - '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:[a-zA-Z\\d]*(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)', + '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]+)*|[a-zA-Z\\d]+(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)', '(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PR-TZcf-ntqry=><~]))' ].join('|'); -- 2.38.1