Skip to content

Commit 82d3d5d

Browse files
samruddhikhandalesamruddhikhandale
authored
Universal & Javascript-node: Update 'ansi-regex' due to CVE-2021-3807 (#289)
* Universal & Javascript-node: Update 'ansi-regex' due to CVE-2021-3807 * update * update
1 parent 25e5c69 commit 82d3d5d

File tree

3 files changed

+13
-1
lines changed

3 files changed

+13
-1
lines changed

src/javascript-node/.devcontainer/library-scripts/add-patch.sh

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -10,4 +10,7 @@ IMAGE_VARIANT=$1
1010
if [[ "${IMAGE_VARIANT}" =~ "14" ]] ; then
1111
cd /usr/local/lib/node_modules/npm
1212
npm update --save
13+
14+
cd /usr/local/lib/node_modules/npm/node_modules/string-width
15+
npm install ansi-regex --save
1316
fi

src/universal/.devcontainer/local-features/setup-user/install.sh

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -66,6 +66,10 @@ NPM_PACKAGES_LIST="ansi-regex
6666
cd /usr/local/share/nvm/versions/node/v14*/lib/node_modules/npm
6767
npm install ${NPM_PACKAGES_LIST}
6868

69+
# Temporary: ansi-regex: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3807
70+
cd /usr/local/share/nvm/versions/node/v14*/lib/node_modules/npm/node_modules/string-width
71+
npm install ansi-regex --save
72+
6973
# Temporary due to minimist: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44906 & https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7598
7074
cd /usr/local/share/nvm/versions/node/v14*/lib/node_modules/npm/node_modules/tacks
7175
npm update mkdirp

src/universal/test-project/test.sh

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -185,7 +185,7 @@ decodeVersion=$(npm ls --depth 1 --json | jq -r '.dependencies."decode-uri-compo
185185
check-version-ge "decode-uri-component" "${decodeVersion}" "0.2.1"
186186

187187
ansiVersion=$(npm ls --depth 1 --json | jq -r '.dependencies."ansi-regex".version')
188-
check-version-ge "ansi-regex" "${ansiVersion}" "6.0.0"
188+
check-version-ge "ansi-regex" "${ansiVersion}" "6.0.1"
189189

190190
minimatchVersion=$(npm ls --depth 1 --json | jq -r '.dependencies.minimatch.version')
191191
check-version-ge "minimatch" "${minimatchVersion}" "3.0.5"
@@ -196,6 +196,11 @@ check-version-ge "got" "${gotVersion}" "12.1.0"
196196
qsVersion=$(npm ls --depth 1 --json | jq -r '.dependencies.qs.version')
197197
check-version-ge "qs" "${qsVersion}" "6.10"
198198

199+
cd /usr/local/share/nvm/versions/node/v14*/lib/node_modules/npm/node_modules/string-width
200+
201+
ansiVersion=$(npm ls --depth 1 --json | jq -r '.dependencies."ansi-regex".version')
202+
check-version-ge "ansi-regex-2" "${ansiVersion}" "6.0.1"
203+
199204
cd /usr/local/share/nvm/versions/node/v14*/lib/node_modules/npm/node_modules/tacks
200205

201206
minimistVersion=$(npm ls --depth 1 --json | jq -r '.dependencies.mkdirp.dependencies.minimist.version')

0 commit comments

Comments
 (0)