node-casbin / sequelize-adapter

Sequelize adapter for Casbin
https://github.com/casbin/node-casbin
Apache License 2.0

fix: security vulnerability CVE-2021-3765 in validator.js #63

Closed samstefan closed 2 years ago

samstefan commented 2 years ago

This is to fix the security vulnerability CVE-2021-3765 in validator.js < 13.7.0. This was patched in sequelize here https://github.com/sequelize/sequelize/commit/d4f7558e6f9e04db52b440399d1d67a8cd46e46c

I've also fixed sequelize-typescript at version 2.1.2 as 2.1.3 is not compatible with sequelize 6.10.0 due to this change https://github.com/RobinBuschmann/sequelize-typescript/pull/1202. sequelize-typescript 2.1.3 was being installed in the CI due to the --no-lockfile flag passed to yarn.
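
An added example, not code from this pull request or from the project: a check that scans yarn.lock (v1 format) text for `validator` entries resolved below 13.7.0, the fixed version named in the description above. The lockfile sample, the `example-orm` package and the function names are constructed for illustration, and the check assumes a lockfile is present.

```javascript
// Added example (not from the PR): flag yarn.lock v1 entries resolving validator below 13.7.0.
const FIXED = [13, 7, 0];

// Constructed sample lockfile; `example-orm` is a hypothetical package.
const SAMPLE_LOCK = `# yarn lockfile v1

example-orm@^1.0.0:
  version "1.0.0"
  dependencies:
    validator "^13.6.0"

validator@^13.6.0:
  version "13.6.0"

"validator@^13.7.0", "validator@>=13.7.0":
  version "13.7.0"
`;

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

// True when `version` sorts before `floor` ([major, minor, patch]).
function isBelow(version, floor) {
  const { nums, pre } = parseVersion(version);
  for (let i = 0; i < 3; i++) if (nums[i] !== floor[i]) return nums[i] < floor[i];
  return pre; // equal numbers: a prerelease sorts before the release itself
}

function findVulnerable(lockText, name = 'validator', floor = FIXED) {
  const hits = [];
  let specs = [];
  for (const line of lockText.split(/\r?\n/)) {
    if (/^[^\s#].*:$/.test(line)) {
      // Entry header: one or more comma-separated, optionally quoted name@range specs.
      specs = line.slice(0, -1).split(',').map((s) => s.trim().replace(/^"|"$/g, ''));
      continue;
    }
    const m = /^  version "([^"]+)"$/.exec(line);
    if (!m) continue;
    const wanted = specs.some((s) => s.slice(0, s.lastIndexOf('@')) === name);
    if (wanted && isBelow(m[1], floor)) hits.push({ specs, version: m[1] });
  }
  return hits;
}

console.log(findVulnerable(SAMPLE_LOCK));
```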

casbin-bot commented 2 years ago

@Gabriel-403 @Zxilly @kingiw @nodece please review

coveralls commented 2 years ago

Pull Request Test Coverage Report for Build 2244235376


Totals Coverage Status
Change from base Build 1040681555: 0.0%
Covered Lines: 100
Relevant Lines: 108

💛 - Coveralls

github-actions[bot] commented 2 years ago

:tada: This PR is included in version 2.3.2 :tada:

The release is available on:

Your semantic-release bot :package::rocket: