Skip to content

Upgrade ua-parser-js version #3035

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Feb 5, 2025
Merged

Upgrade ua-parser-js version #3035

merged 1 commit into from
Feb 5, 2025

Conversation

ziyiz-amzn
Copy link
Collaborator

**Issue #:
https://www.cve.org/CVERecord?id=CVE-2022-25927

Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function.

**Description of changes: upgrade to an unaffected version

Testing: npm start

Can these tested using a demo application? Please provide reproducible step-by-step instructions.

Checklist:

  1. Have you successfully run npm run build:release locally? Y

  2. Do you add, modify, or delete public API definitions? If yes, has that been reviewed and approved?

  3. Do you change the wire protocol, e.g. the request method? If yes, has that been reviewed and approved?

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@ziyiz-amzn ziyiz-amzn requested a review from a team as a code owner February 5, 2025 19:48
@xuesichao xuesichao merged commit 788c8cd into main Feb 5, 2025
11 checks passed
@xuesichao xuesichao deleted the upgrade-ua-parser branch February 5, 2025 21:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@xuesichao xuesichao xuesichao approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ziyiz-amzn @xuesichao