[CVE-2021-3765][1.x] bump validator from 8.2.0 to 13.9.0

validator.js prior to 13.7.0 is vulnerable to Inefficient Regular Expression Complexity. 1.x is using "validator@8.2.0". Main has been bumped to 13.7.0 via PR opensearch-project#1106. The solution is to backport it on 1.x. Backport PR: opensearch-project#1106 Issue Resolved: opensearch-project#1063 Signed-off-by: Anan Zhuang <ananzh@amazon.com>
ananzh · Mar 29, 2023 · 89799fb · 89799fb
1 parent bf1c65f
commit 89799fb
Show file tree

Hide file tree

Showing 3 changed files with 147 additions and 96 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,6 +8,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 ### Deprecations
 
 ### 🛡 Security
+- [CVE-2021-3765] Update @microsoft/api-documenter and @microsoft/api-extractor versions to bump validator from 8.2.0 to 13.9.0 ([#3725](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3725))
 
 ### 📈 Features/Enhancements
 

diff --git a/package.json b/package.json
@@ -272,8 +272,8 @@
     "@osd/test": "1.0.0",
     "@osd/test-subj-selector": "0.2.1",
     "@osd/utility-types": "1.0.0",
-    "@microsoft/api-documenter": "7.7.2",
-    "@microsoft/api-extractor": "7.7.0",
+    "@microsoft/api-documenter": "^7.13.78",
+    "@microsoft/api-extractor": "^7.19.3",
     "@percy/agent": "^0.28.6",
     "@testing-library/dom": "^7.24.2",
     "@testing-library/jest-dom": "^5.11.4",