[Backport 1.3] [CVE-2022-48285][1.x] Bump jszip from 3.7.1 to 3.10.1 #4011
Commits on May 11, 2023
-
[CVE-2022-48285][1.x] Bump jszip from 3.7.1 to 3.10.1 (#3740)
* [CVE-2022-48285][1.x] Bump jszip from 3.7.1 to 3.10.1 loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive. This CVE requires to bump jszip to 3.8.0+. Signed-off-by: Anan Zhuang <ananzh@amazon.com> * remove unecessary resolution remove yarn.lock entry, clean and bootstrap Signed-off-by: Josh Romero <rmerqg@amazon.com> --------- Signed-off-by: Anan Zhuang <ananzh@amazon.com> Signed-off-by: Josh Romero <rmerqg@amazon.com> Co-authored-by: Josh Romero <rmerqg@amazon.com> Co-authored-by: Sean Neumann <1413295+seanneumann@users.noreply.github.com> (cherry picked from commit 364832d) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> # Conflicts: # CHANGELOG.md
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.