[jira] [Commented] (SPARK-44279) Upgrade word-wrap

Jira Tue, 11 Jul 2023 11:53:05 -0700


    [ 
https://issues.apache.org/jira/browse/SPARK-44279?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17742137#comment-17742137
 ]


Bjørn Jørgensen commented on SPARK-44279:
-----------------------------------------

[~srowen] 
https://github.com/apache/spark/blob/37aa62f629e652ed70505620473530cd9611018e/dev/package-lock.json#L2226
 

[word-wrap vulnerable to Regular Expression Denial of 
Service|https://github.com/jonschlinkert/word-wrap/issues/40]


> Upgrade word-wrap
> -----------------
>
>                 Key: SPARK-44279
>                 URL: https://issues.apache.org/jira/browse/SPARK-44279
>             Project: Spark
>          Issue Type: Dependency upgrade
>          Components: Build
>    Affects Versions: 3.4.1, 3.5.0
>            Reporter: Bjørn Jørgensen
>            Priority: Major
>
> [Regular Expression Denial of Service (ReDoS) - 
> CVE-2023-26115|https://github.com/jonschlinkert/word-wrap/issues/32]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Commented] (SPARK-44279) Upgrade word-wrap

Reply via email to