This is an automated email from the ASF dual-hosted git repository.

tiagobento pushed a commit to branch 1.40.x
in repository https://gitbox.apache.org/repos/asf/incubator-kie-kogito-apps.git


The following commit(s) were added to refs/heads/1.40.x by this push:
     new 56c9c329f CVE-2022-48345: @braintree/sanitize-url Cross-site Scripting 
vulnerability (#1907)
56c9c329f is described below

commit 56c9c329f73963ccb48d0db32c638f73bee7e4b6
Author: Pere Fernández <[email protected]>
AuthorDate: Wed Nov 1 17:15:17 2023 +0100

    CVE-2022-48345: @braintree/sanitize-url Cross-site Scripting vulnerability 
(#1907)
    
    CVE-2022-25883: semver vulnerable to Regular Expression Denial of Service
---
 ui-packages/package.json |  4 ++++
 ui-packages/yarn.lock    | 43 +++++++++++++++++++++++++------------------
 2 files changed, 29 insertions(+), 18 deletions(-)

diff --git a/ui-packages/package.json b/ui-packages/package.json
index 421929a92..b666bc096 100644
--- a/ui-packages/package.json
+++ b/ui-packages/package.json
@@ -146,7 +146,11 @@
     "yarn": "1.22.10"
   },
   "resolutions": {
+    "@braintree/sanitize-url": "^6.0.1",
     "@patternfly/react-core": "4.157.3",
+    "@kie-tools-core/**/semver": "^7.5.2",
+    "@kie-tools/**/semver": "^7.5.2",
+    "@kogito-tooling/**/semver": "^7.5.2",
     "@types/express-serve-static-core": "^4.17.21",
     "@types/minimatch": "^3.0.5",
     "axios": "0.21.2",
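Review bot: The three semver resolutions added here only force copies nested under `@kie-tools-core`, `@kie-tools` and `@kogito-tooling`, so every other transitive semver keeps its current version — the yarn.lock hunk in this same commit still resolves the `[email protected], semver@^7.1.1 … semver@^7.3.4` entry to 7.3.5 and the `semver@^6.x` entry to 6.3.0, both inside the range CVE-2022-25883 covers (fixed in 7.5.2 for the 7.x line and 6.3.1 for the 6.x line). If the intent is to clear the advisory for the whole tree rather than for those three scopes, a tree-wide `"**/semver": "^7.5.2"` would also rewrite the remaining 7.x entry, but it would push the 6.x ranges onto 7.x as well, so whether those consumers tolerate semver 7 needs checking before widening it. The `"@braintree/sanitize-url": "^6.0.1"` pin does lift the lockfile to 6.0.4, which is past the affected versions, so that half of the commit is complete as far as this diff shows.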
diff --git a/ui-packages/yarn.lock b/ui-packages/yarn.lock
index 62118ac68..f5c48d9d7 100644
--- a/ui-packages/yarn.lock
+++ b/ui-packages/yarn.lock
@@ -2322,10 +2322,10 @@
   resolved 
"https://registry.yarnpkg.com/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz#75a2e8b51cb758a7553d6804a5932d7aace75c39";
   integrity 
sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw==
 
-"@braintree/sanitize-url@^6.0.0":
-  version "6.0.0"
-  resolved 
"https://registry.yarnpkg.com/@braintree/sanitize-url/-/sanitize-url-6.0.0.tgz#fe364f025ba74f6de6c837a84ef44bdb1d61e68f";
-  integrity 
sha512-mgmE7XBYY/21erpzhexk4Cj1cyTQ9LzvnTxtzM17BJ7ERMNE6W72mQRo0I1Ud8eFJ+RVVIcBNhLFZ3GX4XFz5w==
+"@braintree/sanitize-url@^6.0.0", "@braintree/sanitize-url@^6.0.1":
+  version "6.0.4"
+  resolved 
"https://registry.yarnpkg.com/@braintree/sanitize-url/-/sanitize-url-6.0.4.tgz#923ca57e173c6b232bbbb07347b1be982f03e783";
+  integrity 
sha512-s3jaWicZd0pkP0jf5ysyHUI/RE7MHos6qlToFcGWXVp+ykHOy77OUMrfbgJ9it2C5bow7OIQwYYaHjk9XlBQ2A==
 
 "@cnakazawa/watch@^1.0.3":
   version "1.0.4"
@@ -6454,9 +6454,9 @@
   integrity 
sha512-hppQEBDmlwhFAXKJX2KnWLYu5yMfi91yazPb2l+lbJiwW+wdo1gNeRA+3RgNSO39WYX2euey41KEwnqesU2Jew==
 
 "@types/semver@^7.3.3":
-  version "7.3.9"
-  resolved 
"https://registry.yarnpkg.com/@types/semver/-/semver-7.3.9.tgz#152c6c20a7688c30b967ec1841d31ace569863fc";
-  integrity 
sha512-L/TMpyURfBkf+o/526Zb6kd/tchUP3iBDEPjqjb+U2MAJhVRxxrmr2fwpe08E7QsV7YLcpq0tUaQ9O9x97ZIxQ==
+  version "7.5.4"
+  resolved 
"https://registry.yarnpkg.com/@types/semver/-/semver-7.5.4.tgz#0a41252ad431c473158b22f9bfb9a63df7541cff";
+  integrity 
sha512-MMzuxN3GdFwskAnb6fz0orFvhfqi752yjaXylr0Rp4oDg5H0Zn1IuyRhDVvYOwAXoJirx2xuS16I3WjxnAIHiQ==
 
 "@types/serve-index@^1.9.1":
   version "1.9.1"
@@ -17959,16 +17959,7 @@ popper.js@^1.16.0:
   resolved 
"https://registry.yarnpkg.com/popper.js/-/popper.js-1.16.1.tgz#2a223cb3dc7b6213d740e40372be40de43e65b1b";
   integrity 
sha512-Wb4p1J4zyFTbM+u6WuO4XstYx4Ky9Cewe4DWrel7B0w6VVICvPwdOpotjzcf6eD8TsckVnIMNONQyPIUFOUbCQ==
 
-portfinder@^1.0.27, portfinder@^1.0.28:
-  version "1.0.28"
-  resolved 
"https://registry.yarnpkg.com/portfinder/-/portfinder-1.0.28.tgz#67c4622852bd5374dd1dd900f779f53462fac778";
-  integrity 
sha512-Se+2isanIcEqf2XMHjyUKskczxbPH7dQnlMjXX6+dybayyHvAf/TCgyMRlzf/B6QDhAEFOGes0pzRo3by4AbMA==
-  dependencies:
-    async "^2.6.2"
-    debug "^3.1.1"
-    mkdirp "^0.5.5"
-
-portfinder@^1.0.32:
+portfinder@^1.0.27, portfinder@^1.0.32:
   version "1.0.32"
   resolved 
"https://registry.yarnpkg.com/portfinder/-/portfinder-1.0.32.tgz#2fe1b9e58389712429dc2bea5beb2146146c7f81";
   integrity 
sha512-on2ZJVVDXRADWE6jnQaX0ioEylzgBpQk8r55NE4wjXW1ZxO+BgDlY6DXwj20i0V8eB4SenDQ00WEaxfiIQPcxg==
@@ -17977,6 +17968,15 @@ portfinder@^1.0.32:
     debug "^3.2.7"
     mkdirp "^0.5.6"
 
+portfinder@^1.0.28:
+  version "1.0.28"
+  resolved 
"https://registry.yarnpkg.com/portfinder/-/portfinder-1.0.28.tgz#67c4622852bd5374dd1dd900f779f53462fac778";
+  integrity 
sha512-Se+2isanIcEqf2XMHjyUKskczxbPH7dQnlMjXX6+dybayyHvAf/TCgyMRlzf/B6QDhAEFOGes0pzRo3by4AbMA==
+  dependencies:
+    async "^2.6.2"
+    debug "^3.1.1"
+    mkdirp "^0.5.5"
+
 posix-character-classes@^0.1.0:
   version "0.1.1"
   resolved 
"https://registry.yarnpkg.com/posix-character-classes/-/posix-character-classes-0.1.1.tgz#01eac0fe3b5af71a2a6c02feabb8c1fef7e00eab";
@@ -20169,7 +20169,7 @@ [email protected]:
   resolved 
"https://registry.yarnpkg.com/semver/-/semver-7.0.0.tgz#5f3ca35761e47e05b206c6daff2cf814f0316b8e";
   integrity 
sha512-+GB6zVA9LWh6zovYQLALHwv5rb2PHGlJi3lfiqIHxR0uuwCgefcOJc59v9fv1w8GbStwxuuqqAjI9NMAOOgq1A==
 
[email protected], semver@^7.1.1, semver@^7.1.3, semver@^7.2.1, semver@^7.3.2, 
semver@^7.3.4, semver@^7.3.5:
[email protected], semver@^7.1.1, semver@^7.1.3, semver@^7.2.1, semver@^7.3.2, 
semver@^7.3.4:
   version "7.3.5"
   resolved 
"https://registry.yarnpkg.com/semver/-/semver-7.3.5.tgz#0b621c879348d8998e4b0e4be94b3f12e6018ef7";
   integrity 
sha512-PoeGJYh8HK4BTO/a9Tf6ZG3veo/A7ZVsYrSA6J8ny9nb3B1VrpkuN+z9OE5wfE5p6H4LchYZsegiQgbJD94ZFQ==
@@ -20181,6 +20181,13 @@ semver@^6.0.0, semver@^6.1.1, semver@^6.1.2, 
semver@^6.2.0, semver@^6.3.0:
   resolved 
"https://registry.yarnpkg.com/semver/-/semver-6.3.0.tgz#ee0a64c8af5e8ceea67687b133761e1becbd1d3d";
   integrity 
sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==
 
+semver@^7.3.5, semver@^7.5.2:
+  version "7.5.4"
+  resolved 
"https://registry.yarnpkg.com/semver/-/semver-7.5.4.tgz#483986ec4ed38e1c6c48c34894a9182dbff68a6e";
+  integrity 
sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==
+  dependencies:
+    lru-cache "^6.0.0"
+
 [email protected]:
   version "0.17.2"
   resolved 
"https://registry.yarnpkg.com/send/-/send-0.17.2.tgz#926622f76601c41808012c8bf1688fe3906f7820";

