vdk-jupyter: pin word wrap package to newer version because of security issue (#2481)

What: 
Pinned the word-wrap package to version 1.2.4.

Why: 
All versions of the package (<1.2.4) word-wrap are vulnerable to Regular
Expression Denial of Service (ReDoS) due to the usage of an insecure
regular expression within the result variable.

Signed-off-by: Duygu Hasan [hduygu@vmware.com](mailto:hduygu@vmware.com)
duyguHsnHsn committed Jul 26, 2023
1 parent 0c9c790 commit 0e4c5a9
Showing 2 changed files with 6 additions and 4 deletions.

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Expand Up @@ -90,7 +90,8 @@
"typescript": "4.1.3",
"@types/react": "17.0.53",
"yjs": "^13.5.17",
"@jupyterlab/application": "3.6.3"
"@jupyterlab/application": "3.6.3",
"word-wrap": "1.2.4"
},
"devDependencies": {
"@babel/core": "7.8.0",
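Review bot: The new `"word-wrap": "1.2.4"` entry sits in the block that closes just before `"devDependencies"`, and the hunk does not show that block's name; if it is `dependencies`, the entry declares word-wrap as a direct dependency and does not by itself prevent another package from resolving an older, nested copy. Forcing a single version across the dependency tree is the job of a `resolutions` (Yarn) or `overrides` (npm) entry, so confirm which block this is and check that the second changed file, which is not rendered here, no longer resolves any word-wrap below 1.2.4. The pin is also exact, unlike `"yjs": "^13.5.17"` two lines above it, so later word-wrap fixes will need a manual bump; a short note in the repository that points to the advisory would tell future maintainers why the pin exists and when it can be dropped.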