Skip to content

Commit

Permalink
[CVE-2022-48285][1.x] Bump jszip from 3.7.1 to 3.10.1 (#3740)
Browse files Browse the repository at this point in the history
* [CVE-2022-48285][1.x] Bump jszip from 3.7.1 to 3.10.1

loadAsync in JSZip before 3.8.0 allows Directory Traversal
via a crafted ZIP archive. This CVE requires to bump jszip to
3.8.0+.

Signed-off-by: Anan Zhuang <[email protected]>

* remove unecessary resolution

remove yarn.lock entry, clean and bootstrap

Signed-off-by: Josh Romero <[email protected]>

---------

Signed-off-by: Anan Zhuang <[email protected]>
Signed-off-by: Josh Romero <[email protected]>
Co-authored-by: Josh Romero <[email protected]>
Co-authored-by: Sean Neumann <[email protected]>
(cherry picked from commit 364832d)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

# Conflicts:
#	CHANGELOG.md
  • Loading branch information
github-actions[bot] committed May 11, 2023
1 parent 1253c47 commit fb657c2
Showing 1 changed file with 7 additions and 7 deletions.
14 changes: 7 additions & 7 deletions yarn.lock
Original file line number Diff line number Diff line change
Expand Up @@ -13551,14 +13551,14 @@ jsx-ast-utils@^2.2.1, jsx-ast-utils@^2.4.1:
object.assign "^4.1.0"

jszip@^3.2.2:
version "3.7.1"
resolved "https://registry.yarnpkg.com/jszip/-/jszip-3.7.1.tgz#bd63401221c15625a1228c556ca8a68da6fda3d9"
integrity sha512-ghL0tz1XG9ZEmRMcEN2vt7xabrDdqHHeykgARpmZ0BiIctWxM47Vt63ZO2dnp4QYt/xJVLLy5Zv1l/xRdh2byg==
version "3.10.1"
resolved "https://registry.yarnpkg.com/jszip/-/jszip-3.10.1.tgz#34aee70eb18ea1faec2f589208a157d1feb091c2"
integrity sha512-xXDvecyTpGLrqFrvkrUSoxxfJI5AH7U8zxxtVclpsUtMCq4JQ290LY8AW5c7Ggnr/Y/oK+bQMbqK2qmtk3pN4g==
dependencies:
lie "~3.3.0"
pako "~1.0.2"
readable-stream "~2.3.6"
set-immediate-shim "~1.0.1"
setimmediate "^1.0.5"

junk@^3.1.0:
version "3.1.0"
Expand Down Expand Up @@ -18959,7 +18959,7 @@ set-harmonic-interval@^1.0.1:
resolved "https://registry.yarnpkg.com/set-harmonic-interval/-/set-harmonic-interval-1.0.1.tgz#e1773705539cdfb80ce1c3d99e7f298bb3995249"
integrity sha512-AhICkFV84tBP1aWqPwLZqFvAwqEoVA9kxNMniGEUvzOlm4vLmOFLiTT3UZ6bziJTy4bOVpzWGTfSCbmaayGx8g==

set-immediate-shim@^1.0.0, set-immediate-shim@~1.0.1:
set-immediate-shim@^1.0.0:
version "1.0.1"
resolved "https://registry.yarnpkg.com/set-immediate-shim/-/set-immediate-shim-1.0.1.tgz#4b2b1b27eb808a9f8dcc481a58e5e56f599f3f61"
integrity sha1-SysbJ+uAip+NzEgaWOXlb1mfP2E=
Expand All @@ -18974,10 +18974,10 @@ set-value@^2.0.0, set-value@^2.0.1:
is-plain-object "^2.0.3"
split-string "^3.0.1"

setimmediate@^1.0.4:
setimmediate@^1.0.4, setimmediate@^1.0.5:
version "1.0.5"
resolved "https://registry.yarnpkg.com/setimmediate/-/setimmediate-1.0.5.tgz#290cbb232e306942d7d7ea9b83732ab7856f8285"
integrity sha1-KQy7Iy4waULX1+qbg3Mqt4VvgoU=
integrity sha512-MATJdZp8sLqDl/68LfQmbP8zKPLQNV6BIZoIgrscFDQ+RsvK/BxeDQOgyxKKoh0y/8h3BqVFnCqQ/gd+reiIXA==

[email protected]:
version "1.1.0"
Expand Down

0 comments on commit fb657c2

Please sign in to comment.