Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(#2358): firstname, middlename and lastname regex not supporting myanmar script unicode strings #423

Merged
merged 3 commits into from
Aug 11, 2021
Merged

fix(#2358): firstname, middlename and lastname regex not supporting myanmar script unicode strings #423

merged 3 commits into from
Aug 11, 2021

Conversation

mdebarros
Copy link
Member

@mdebarros mdebarros commented Aug 11, 2021
edited
Loading

  • fix(#2358): firstname, middlename and lastname regex not supporting myanmar script unicode strings
    • Updated regex to match \w (used by the Mojaloop Specification) based on mappings to the ECMAScript regex specification.
    • Added unit test for putPartiesByTypeAndID endpoint with additional asian (Myanmar) unicode characters added to middleName
    • Bump to patch version
    • Updated dependencies to the latest version
    • Fixed audit-resolve issues:
--------------------------------------------------
 tar needs your attention.

[ high ] Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization
 vulnerable versions <3.2.2 || >=4.0.0 <4.4.14 || >=5.0.0 <5.0.6 || >=6.0.0 <6.1.1 found in:
 - dependencies: @mojaloop/event-sdk>grpc>@mapbox/node-pre-gyp>tar
[ high ] Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning
 vulnerable versions <3.2.3 || >=4.0.0 <4.4.15 || >=5.0.0 <5.0.7 || >=6.0.0 <6.1.2 found in:
 - dependencies: @mojaloop/event-sdk>grpc>@mapbox/node-pre-gyp>tar

Outcome: Fix applied

--------------------------------------------------
 sanitize-html needs your attention.

[ moderate ] Improper Input Validation
 vulnerable versions <2.3.1 found in:
 - dependencies: @mojaloop/central-services-shared>shins>sanitize-html
[ moderate ] Improper Input Validation
 vulnerable versions <2.3.2 found in:
 - dependencies: @mojaloop/central-services-shared>shins>sanitize-html

Outcome: Ignored for 1 week
Impact: Minimal as the dependencies are used for the Developer Documentation end-point

@mdebarros
fix(#2358): firstname, middlename and lastname regex not supporting m…
8edbb5c 
…yanmar script unicode strings

- Updated regex to match [\w](https://unicode.org/reports/tr18/#word) based on mappings to the [ECMAScript](https://262.ecma-international.org/9.0/#sec-runtime-semantics-unicodematchproperty-p) regex specification.
- Updated dependencies to latest version
- Fixed audit-resolve issues:

--------------------------------------------------
 tar needs your attention.

[ high ] Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization
 vulnerable versions <3.2.2 || >=4.0.0 <4.4.14 || >=5.0.0 <5.0.6 || >=6.0.0 <6.1.1 found in:
 - dependencies: @mojaloop/event-sdk>grpc>@mapbox/node-pre-gyp>tar
[ high ] Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning
 vulnerable versions <3.2.3 || >=4.0.0 <4.4.15 || >=5.0.0 <5.0.7 || >=6.0.0 <6.1.2 found in:
 - dependencies: @mojaloop/event-sdk>grpc>@mapbox/node-pre-gyp>tar

Outcome: Fix applied

--------------------------------------------------
 sanitize-html needs your attention.

[ moderate ] Improper Input Validation
 vulnerable versions <2.3.1 found in:
 - dependencies: @mojaloop/central-services-shared>shins>sanitize-html
[ moderate ] Improper Input Validation
 vulnerable versions <2.3.2 found in:
 - dependencies: @mojaloop/central-services-shared>shins>sanitize-html

 Outcome: Ignored for 1 week
 Impact: Minimal as the dependencies are used for the Developer Documentation end-point
@mdebarros mdebarros marked this pull request as draft August 11, 2021 11:13
@mdebarros
Added unit test for putPartiesByTypeAndID endpoint
8795265 
- Additional asian (Myanmar) unicode characters added to middleName
@mdebarros mdebarros mentioned this pull request Aug 11, 2021
Closed
@mdebarros mdebarros marked this pull request as ready for review August 11, 2021 12:02
elnyry-sam-k
elnyry-sam-k approved these changes Aug 11, 2021
View reviewed changes
Copy link
Member

@elnyry-sam-k elnyry-sam-k left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you!

@mdebarros mdebarros merged commit 049ce8a into mojaloop:master Aug 11, 2021
@mdebarros mdebarros mentioned this pull request Aug 11, 2021
Closed
45 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@elnyry-sam-k elnyry-sam-k elnyry-sam-k approved these changes

@lewisdaly lewisdaly Awaiting requested review from lewisdaly

@oderayi oderayi Awaiting requested review from oderayi

@shashi165 shashi165 Awaiting requested review from shashi165

@vgenev vgenev Awaiting requested review from vgenev

@bushjames bushjames Awaiting requested review from bushjames

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@mdebarros @elnyry-sam-k