nodejs/0002-deps-ansi-regex-fix-po...

46 lines
2.0 KiB
Diff

From 8fc20d21cd7861ecc4f034ae82234a05227c2c12 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Thu, 9 Dec 2021 15:48:46 +0100
Subject: [PATCH] deps(ansi-regex): fix potential ReDoS
This is the upstream fix [1] applied to all applicable bundled deps.
[1]: https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
Fixes: CVE-2021-3807
Signed-off-by: rpm-build <rpm-build>
---
.../node_modules/string-width/node_modules/ansi-regex/index.js | 2 +-
deps/npm/node_modules/yargs/node_modules/ansi-regex/index.js | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/deps/npm/node_modules/string-width/node_modules/ansi-regex/index.js b/deps/npm/node_modules/string-width/node_modules/ansi-regex/index.js
index c4aaecf..7d32201 100644
--- a/deps/npm/node_modules/string-width/node_modules/ansi-regex/index.js
+++ b/deps/npm/node_modules/string-width/node_modules/ansi-regex/index.js
@@ -2,7 +2,7 @@
module.exports = () => {
const pattern = [
- '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:[a-zA-Z\\d]*(?:;[a-zA-Z\\d]*)*)?\\u0007)',
+ '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]+)*|[a-zA-Z\\d]+(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)',
'(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PRZcf-ntqry=><~]))'
].join('|');
diff --git a/deps/npm/node_modules/yargs/node_modules/ansi-regex/index.js b/deps/npm/node_modules/yargs/node_modules/ansi-regex/index.js
index c254480..9e37ec3 100644
--- a/deps/npm/node_modules/yargs/node_modules/ansi-regex/index.js
+++ b/deps/npm/node_modules/yargs/node_modules/ansi-regex/index.js
@@ -6,7 +6,7 @@ module.exports = options => {
}, options);
const pattern = [
- '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:[a-zA-Z\\d]*(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)',
+ '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]+)*|[a-zA-Z\\d]+(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)',
'(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PR-TZcf-ntqry=><~]))'
].join('|');
--
2.38.1