request #37600 Ignore html-minifier CVE-2022-37620

Artifact

Infos

Artifact ID#37600

Submitted byThomas Gerbet (tgerbet)

Last Modified On2024-04-23 16:57

Submitted on2024-04-23 10:01

Rank39191

Details

Summary *

Ignore html-minifier CVE-2022-37620

Original Submission

It is a transitive dep of ng-cache-loader which is only used in a dev/build scenario. The issue itself is a ReDoS which is not really meaningful in this context as we do run it on untrusted code.

CategoryDev tools

Reported in versionEmpty

PlatformEmpty

Is an Enhancement or an internal improvement?

[ ] enhancement
[ ] internal improvement

CC listEmpty

Stage

Assigned toThomas Gerbet (tgerbet)

StatusClosed

Close date2024-04-23

Attachments

Connected artifacts

Artifact links

Releases

Fixed in

	Artifact ID	Project	Tracker	Summary	Status	Last Update Date	Submitted By	Assigned to
	rel #36797	Tuleap	Releases	15.8	Delivered	2024-24-04 13:48	Manuel Vacelet (vaceletm)

Reverse artifact links

Empty

AttachmentsEmpty

References

Cross references

Referencing request #37600

Git commit

tuleap/tuleap/stable

chore: request #37600 Ignore html-minifier CVE-2022-37620 89ed00a639

Thomas Gerbet (tgerbet) , 2024-04-23 10:08

Merge commit 'refs/changes/53/30953/1' of ssh://gerrit.tuleap.net:29418/tuleap into HEAD 00a561ef19

Yannis ROSSETTO (rossettoy) , 2024-04-23 16:56

Show items referenced by request #37600

Referenced by request #37600

Artifact Tracker v5

rel #36797 15.8

Other

gerrit #30953

Follow-ups

Yannis ROSSETTO (rossettoy)

2024-04-23 16:57

Status changed from Under review to Closed
Connected artifacts
- Added Fixed in: rel #36797
Close date set to 2024-04-23

Thomas Gerbet (tgerbet)

2024-04-23 10:18

See gerrit #30953.

Status changed from Under implementation to Under review

Public