Blob Blame History Raw
From 8fc20d21cd7861ecc4f034ae82234a05227c2c12 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Thu, 9 Dec 2021 15:48:46 +0100
Subject: [PATCH] deps(ansi-regex): fix potential ReDoS

This is the upstream fix [1] applied to all applicable bundled deps.

[1]: https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9

Fixes: CVE-2021-3807
Signed-off-by: rpm-build <rpm-build>
---
 .../node_modules/string-width/node_modules/ansi-regex/index.js  | 2 +-
 deps/npm/node_modules/yargs/node_modules/ansi-regex/index.js    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/deps/npm/node_modules/string-width/node_modules/ansi-regex/index.js b/deps/npm/node_modules/string-width/node_modules/ansi-regex/index.js
index c4aaecf..7d32201 100644
--- a/deps/npm/node_modules/string-width/node_modules/ansi-regex/index.js
+++ b/deps/npm/node_modules/string-width/node_modules/ansi-regex/index.js
@@ -2,7 +2,7 @@
 
 module.exports = () => {
 	const pattern = [
-		'[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:[a-zA-Z\\d]*(?:;[a-zA-Z\\d]*)*)?\\u0007)',
+		'[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]+)*|[a-zA-Z\\d]+(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)',
 		'(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PRZcf-ntqry=><~]))'
 	].join('|');
 
diff --git a/deps/npm/node_modules/yargs/node_modules/ansi-regex/index.js b/deps/npm/node_modules/yargs/node_modules/ansi-regex/index.js
index c254480..9e37ec3 100644
--- a/deps/npm/node_modules/yargs/node_modules/ansi-regex/index.js
+++ b/deps/npm/node_modules/yargs/node_modules/ansi-regex/index.js
@@ -6,7 +6,7 @@ module.exports = options => {
 	}, options);
 
 	const pattern = [
-		'[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:[a-zA-Z\\d]*(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)',
+		'[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]+)*|[a-zA-Z\\d]+(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)',
 		'(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PR-TZcf-ntqry=><~]))'
 	].join('|');
 
-- 
2.38.1