Address SNYK Vulnerability "Regular Expression Denial of Service (ReDoS): in package.json

[hbparache]

Description

• introduced through: @aws-sdk/client-s3@3.213.0, @cumulus/common@13.4.0 and others
• fixed in: fast-xml-parser@4.2.4
• exploit maturity: no known exploit

Details

Introduced through: csdap-cumulus@1.0.0 › @aws-sdk/client-s3@3.213.0 › fast-xml-parser@4.0.11

• [x] Fix: Upgrade to @aws-sdk/client-s3@3.347.1

Introduced through: csdap-cumulus@1.0.0 › @aws-sdk/client-s3@3.213.0 › @aws-sdk/client-sts@3.213.0 › fast-xml-parser@4.0.11

• [x] Fix: Upgrade to @aws-sdk/client-s3@3.347.1

Introduced through: csdap-cumulus@1.0.0 › @cumulus/common@13.4.0 › @aws-sdk/client-s3@3.213.0 › fast-xml-parser@4.0.11

• [x] Fix: Your dependencies are out of date, otherwise you would be using a newer fast-xml-parser than fast-xml-parser@4.0.11. Try relocking your lockfile or deleting node_modules. If the problem persists, one of your dependencies may be bundling outdated modules.

Introduced through: csdap-cumulus@1.0.0 › @cumulus/common@13.4.0 › @aws-sdk/client-s3@3.213.0 › @aws-sdk/client-sts@3.213.0 › fast-xml-parser@4.0.11

• [x] Fix: Your dependencies are out of date, otherwise you would be using a newer fast-xml-parser than fast-xml-parser@4.0.11. Try relocking your lockfile or deleting node_modules. If the problem persists, one of your dependencies may be bundling outdated modules.

Introduced through: csdap-cumulus@1.0.0 › @cumulus/cmrjs@13.4.0 › @cumulus/common@13.4.0 › @aws-sdk/client-s3@3.213.0 › fast-xml-parser@4.0.11

• [x] Fix: Your dependencies are out of date, otherwise you would be using a newer fast-xml-parser than fast-xml-parser@4.0.11. Try relocking your lockfile or deleting node_modules. If the problem persists, one of your dependencies may be bundling outdated modules.

Introduced through: csdap-cumulus@1.0.0 › @cumulus/aws-client@13.4.0 › @aws-sdk/client-api-gateway@3.145.0 › @aws-sdk/client-sts@3.145.0 › fast-xml-parser@3.19.0

• [x] Fix: Your dependencies are out of date, otherwise you would be using a newer fast-xml-parser than fast-xml-parser@3.19.0. Try relocking your lockfile or deleting node_modules. If the problem persists, one of your dependencies may be bundling outdated modules.

Introduced through: csdap-cumulus@1.0.0 › @cumulus/cmrjs@13.4.0 › @cumulus/common@13.4.0 › @aws-sdk/client-s3@3.213.0 › @aws-sdk/client-sts@3.213.0 › fast-xml-parser@4.0.11

• [x] Fix: Your dependencies are out of date, otherwise you would be using a newer fast-xml-parser than fast-xml-parser@4.0.11. Try relocking your lockfile or deleting node_modules. If the problem persists, one of your dependencies may be bundling outdated modules.

Introduced through: csdap-cumulus@1.0.0 › @cumulus/common@13.4.0 › @cumulus/aws-client@13.4.0 › @aws-sdk/client-api-gateway@3.145.0 › @aws-sdk/client-sts@3.145.0 › fast-xml-parser@3.19.0

• [x] Fix: Your dependencies are out of date, otherwise you would be using a newer fast-xml-parser than fast-xml-parser@3.19.0. Try relocking your lockfile or deleting node_modules. If the problem persists, one of your dependencies may be bundling outdated modules.

Introduced through: csdap-cumulus@1.0.0 › @cumulus/cmrjs@13.4.0 › @cumulus/aws-client@13.4.0 › @aws-sdk/client-api-gateway@3.145.0 › @aws-sdk/client-sts@3.145.0 › fast-xml-parser@3.19.0

• [x] Fix: Your dependencies are out of date, otherwise you would be using a newer fast-xml-parser than fast-xml-parser@3.19.0. Try relocking your lockfile or deleting node_modules. If the problem persists, one of your dependencies may be bundling outdated modules.

Introduced through: csdap-cumulus@1.0.0 › @cumulus/cmrjs@13.4.0 › @cumulus/common@13.4.0 › @cumulus/aws-client@13.4.0 › @aws-sdk/client-api-gateway@3.145.0 › @aws-sdk/client-sts@3.145.0 › fast-xml-parser@3.19.0

• [x] Fix: Your dependencies are out of date, otherwise you would be using a newer fast-xml-parser than fast-xml-parser@3.19.0. Try relocking your lockfile or deleting node_modules. If the problem persists, one of your dependencies may be bundling outdated modules.

[chuckwondo]

Upgraded aws-sdk to 3.370.0. See #221.