Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(#2358): firstname, middlename and lastname regex not supporting myanmar script unicode strings #423

Conversation

mdebarros
Copy link
Member

@mdebarros mdebarros commented Aug 11, 2021

  • fix(#2358): firstname, middlename and lastname regex not supporting myanmar script unicode strings
    • Updated regex to match \w (used by the Mojaloop Specification) based on mappings to the ECMAScript regex specification.
    • Added unit test for putPartiesByTypeAndID endpoint with additional asian (Myanmar) unicode characters added to middleName
    • Bump to patch version
    • Updated dependencies to the latest version
    • Fixed audit-resolve issues:
--------------------------------------------------
 tar needs your attention.

[ high ] Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization
 vulnerable versions <3.2.2 || >=4.0.0 <4.4.14 || >=5.0.0 <5.0.6 || >=6.0.0 <6.1.1 found in:
 - dependencies: @mojaloop/event-sdk>grpc>@mapbox/node-pre-gyp>tar
[ high ] Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning
 vulnerable versions <3.2.3 || >=4.0.0 <4.4.15 || >=5.0.0 <5.0.7 || >=6.0.0 <6.1.2 found in:
 - dependencies: @mojaloop/event-sdk>grpc>@mapbox/node-pre-gyp>tar

Outcome: Fix applied

--------------------------------------------------
 sanitize-html needs your attention.

[ moderate ] Improper Input Validation
 vulnerable versions <2.3.1 found in:
 - dependencies: @mojaloop/central-services-shared>shins>sanitize-html
[ moderate ] Improper Input Validation
 vulnerable versions <2.3.2 found in:
 - dependencies: @mojaloop/central-services-shared>shins>sanitize-html

Outcome: Ignored for 1 week
Impact: Minimal as the dependencies are used for the Developer Documentation end-point

…yanmar script unicode strings

- Updated regex to match [\w](https://unicode.org/reports/tr18/#word) based on mappings to the [ECMAScript](https://262.ecma-international.org/9.0/#sec-runtime-semantics-unicodematchproperty-p) regex specification.
- Updated dependencies to latest version
- Fixed audit-resolve issues:

--------------------------------------------------
 tar needs your attention.

[ high ] Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization
 vulnerable versions <3.2.2 || >=4.0.0 <4.4.14 || >=5.0.0 <5.0.6 || >=6.0.0 <6.1.1 found in:
 - dependencies: @mojaloop/event-sdk>grpc>@mapbox/node-pre-gyp>tar
[ high ] Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning
 vulnerable versions <3.2.3 || >=4.0.0 <4.4.15 || >=5.0.0 <5.0.7 || >=6.0.0 <6.1.2 found in:
 - dependencies: @mojaloop/event-sdk>grpc>@mapbox/node-pre-gyp>tar

Outcome: Fix applied

--------------------------------------------------
 sanitize-html needs your attention.

[ moderate ] Improper Input Validation
 vulnerable versions <2.3.1 found in:
 - dependencies: @mojaloop/central-services-shared>shins>sanitize-html
[ moderate ] Improper Input Validation
 vulnerable versions <2.3.2 found in:
 - dependencies: @mojaloop/central-services-shared>shins>sanitize-html

 Outcome: Ignored for 1 week
 Impact: Minimal as the dependencies are used for the Developer Documentation end-point
@mdebarros mdebarros marked this pull request as draft August 11, 2021 11:13
- Additional asian (Myanmar) unicode characters added to middleName
Copy link
Member

@elnyry-sam-k elnyry-sam-k left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you!

@mdebarros mdebarros merged commit 049ce8a into mojaloop:master Aug 11, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants