Vulnerability "Inefficient Regular Expression Complexity in validator.js"
georgii-sirotkin opened this issue · 9 comments
Which service(blob, file, queue, table) does this issue concern?
Vulnerability is found in validator dependency
Which version of the SDK was used?
2.10.5
What's the Node.js/Browser version?
6.14.6
What problem was encountered?
npm audit finds vulnerability "Inefficient Regular Expression Complexity in validator.js" GHSA-qgmg-gppg-76g5
Steps to reproduce the issue?
npm audit
Have you found a mitigation/solution?
PR #699 has been created by dependabot
This is impacting our npm audits as well. Would love to see this merged and published.
Another vulnerability - Regular Expression Denial of Service is also detected in validator 13.6.0 and is fixed in 13.7.0.
https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090600
Would love to see this published.
Checking up on this since the PR #699 was created 2 weeks ago. Would also like to see this merged and published.
please merge this, thanks a lot.
please merge this, thanks a lot.
Hi @EmmaZhu, thank you for merging the PR. Could you please share information on when the new version of the package will be released?
Hi @DmitriyKirakosyan,
We are preparing for the release, should be able to release it in the next week.
Thanks
Emma
We published azure-storage@2.10.6 to upgrade to validator 13.7.0 to address this issue.
Thanks
Emma