Fix: Handle all valid ST characters #58
Merged
+15
−11
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
llimllib
force-pushed
the
llimllib/fix-osc-st-characters
branch
from
90f687f to
e96b184
Compare
According to wiki, all of [0x1b5c, 0x07, 0x9C] are valid ST (string terminator) signals, so support them all.
llimllib
force-pushed
the
llimllib/fix-osc-st-characters
branch
from
e96b184 to
2ae99de
Compare
|
The tests have passed, but I think that |
Yeah, do that. |
|
done, and merged main too. Thanks for fixing that up |
sindresorhus
changed the title
jasnell
pushed a commit
to nodejs/node
that referenced
this pull request
Sep 21, 2024
PR-URL: #54865 Refs: chalk/ansi-regex#58 Reviewed-By: Ruben Bridgewater <[email protected]> Reviewed-By: Marco Ippolito <[email protected]> Reviewed-By: Moshe Atlow <[email protected]> Reviewed-By: James M Snell <[email protected]>
jasnell
pushed a commit
to nodejs/node
that referenced
this pull request
Sep 21, 2024
PR-URL: #54865 Refs: chalk/ansi-regex#58 Reviewed-By: Ruben Bridgewater <[email protected]> Reviewed-By: Marco Ippolito <[email protected]> Reviewed-By: Moshe Atlow <[email protected]> Reviewed-By: James M Snell <[email protected]>
targos
pushed a commit
to nodejs/node
that referenced
this pull request
Oct 4, 2024
PR-URL: #54865 Refs: chalk/ansi-regex#58 Reviewed-By: Ruben Bridgewater <[email protected]> Reviewed-By: Marco Ippolito <[email protected]> Reviewed-By: Moshe Atlow <[email protected]> Reviewed-By: James M Snell <[email protected]>
targos
pushed a commit
to nodejs/node
that referenced
this pull request
Oct 4, 2024
PR-URL: #54865 Refs: chalk/ansi-regex#58 Reviewed-By: Ruben Bridgewater <[email protected]> Reviewed-By: Marco Ippolito <[email protected]> Reviewed-By: Moshe Atlow <[email protected]> Reviewed-By: James M Snell <[email protected]>
stormz310
approved these changes
Oct 20, 2024
louwers
pushed a commit
to louwers/node
that referenced
this pull request
Nov 2, 2024
PR-URL: nodejs#54865 Refs: chalk/ansi-regex#58 Reviewed-By: Ruben Bridgewater <[email protected]> Reviewed-By: Marco Ippolito <[email protected]> Reviewed-By: Moshe Atlow <[email protected]> Reviewed-By: James M Snell <[email protected]>
louwers
pushed a commit
to louwers/node
that referenced
this pull request
Nov 2, 2024
PR-URL: nodejs#54865 Refs: chalk/ansi-regex#58 Reviewed-By: Ruben Bridgewater <[email protected]> Reviewed-By: Marco Ippolito <[email protected]> Reviewed-By: Moshe Atlow <[email protected]> Reviewed-By: James M Snell <[email protected]>
marco-ippolito
pushed a commit
to nodejs/node
that referenced
this pull request
Nov 16, 2024
PR-URL: #54865 Refs: chalk/ansi-regex#58 Reviewed-By: Ruben Bridgewater <[email protected]> Reviewed-By: Marco Ippolito <[email protected]> Reviewed-By: Moshe Atlow <[email protected]> Reviewed-By: James M Snell <[email protected]>
marco-ippolito
pushed a commit
to nodejs/node
that referenced
this pull request
Nov 16, 2024
PR-URL: #54865 Refs: chalk/ansi-regex#58 Reviewed-By: Ruben Bridgewater <[email protected]> Reviewed-By: Marco Ippolito <[email protected]> Reviewed-By: Moshe Atlow <[email protected]> Reviewed-By: James M Snell <[email protected]>
marco-ippolito
pushed a commit
to nodejs/node
that referenced
this pull request
Nov 17, 2024
PR-URL: #54865 Refs: chalk/ansi-regex#58 Reviewed-By: Ruben Bridgewater <[email protected]> Reviewed-By: Marco Ippolito <[email protected]> Reviewed-By: Moshe Atlow <[email protected]> Reviewed-By: James M Snell <[email protected]>
marco-ippolito
pushed a commit
to nodejs/node
that referenced
this pull request
Nov 17, 2024
PR-URL: #54865 Refs: chalk/ansi-regex#58 Reviewed-By: Ruben Bridgewater <[email protected]> Reviewed-By: Marco Ippolito <[email protected]> Reviewed-By: Moshe Atlow <[email protected]> Reviewed-By: James M Snell <[email protected]>
tpoisseau
pushed a commit
to tpoisseau/node
that referenced
this pull request
Nov 21, 2024
PR-URL: nodejs#54865 Refs: chalk/ansi-regex#58 Reviewed-By: Ruben Bridgewater <[email protected]> Reviewed-By: Marco Ippolito <[email protected]> Reviewed-By: Moshe Atlow <[email protected]> Reviewed-By: James M Snell <[email protected]>
tpoisseau
pushed a commit
to tpoisseau/node
that referenced
this pull request
Nov 21, 2024
PR-URL: nodejs#54865 Refs: chalk/ansi-regex#58 Reviewed-By: Ruben Bridgewater <[email protected]> Reviewed-By: Marco Ippolito <[email protected]> Reviewed-By: Moshe Atlow <[email protected]> Reviewed-By: James M Snell <[email protected]>
lukey-luke
pushed a commit
to CMSgov/dpc-app
that referenced
this pull request
Feb 28, 2025
 <h3>Snyk has created this PR to upgrade ansi-regex from 6.0.1 to 6.1.0.</h3> :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/> - The recommended version is **1 version** ahead of your current version. - The recommended version was released **6 months ago**. <details> <summary><b>Release notes</b></summary> <br/> <details> <summary>Package name: <b>ansi-regex</b></summary> <ul> <li> <b>6.1.0</b> - <a href="https://redirect.github.com/chalk/ansi-regex/releases/tag/v6.1.0">2024-09-09</a></br><ul> <li>Match cursorSave and cursorRestore escape codes (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1037673499" data-permission-text="Title is private" data-url="chalk/ansi-regex#45" data-hovercard-type="pull_request" data-hovercard-url="/chalk/ansi-regex/pull/45/hovercard" href="https://redirect.github.com/chalk/ansi-regex/pull/45">#45</a>) <a class="commit-link" data-hovercard-type="commit" data-hovercard-url="https://github.com/chalk/ansi-regex/commit/02fa893d619d3da85411acc8fd4e2eea0e95a9d9/hovercard" href="https://redirect.github.com/chalk/ansi-regex/commit/02fa893d619d3da85411acc8fd4e2eea0e95a9d9"><tt>02fa893</tt></a></li> <li>Fix: Handle all valid ST characters (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2505760732" data-permission-text="Title is private" data-url="chalk/ansi-regex#58" data-hovercard-type="pull_request" data-hovercard-url="/chalk/ansi-regex/pull/58/hovercard" href="https://redirect.github.com/chalk/ansi-regex/pull/58">#58</a>) <a class="commit-link" data-hovercard-type="commit" data-hovercard-url="https://github.com/chalk/ansi-regex/commit/9cba40dc3df00ee7316c01db4955d31ef7527012/hovercard" href="https://redirect.github.com/chalk/ansi-regex/commit/9cba40dc3df00ee7316c01db4955d31ef7527012"><tt>9cba40d</tt></a></li> </ul> <p><a class="commit-link" href="https://redirect.github.com/chalk/ansi-regex/compare/v6.0.1...v6.1.0"><tt>v6.0.1...v6.1.0</tt></a></p> </li> <li> <b>6.0.1</b> - <a href="https://redirect.github.com/chalk/ansi-regex/releases/tag/v6.0.1">2021-09-10</a></br><h3>Fixes</h3> <ul> <li>Fix <a href="https://en.wikipedia.org/wiki/ReDoS" rel="nofollow">ReDoS</a> in certain cases (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="992144440" data-permission-text="Title is private" data-url="chalk/ansi-regex#37" data-hovercard-type="pull_request" data-hovercard-url="/chalk/ansi-regex/pull/37/hovercard" href="https://redirect.github.com/chalk/ansi-regex/pull/37">#37</a>)<br> You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.</li> </ul> <p><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3807" rel="nofollow">CVE-2021-3807</a></p> <p><a class="commit-link" href="https://redirect.github.com/chalk/ansi-regex/compare/v6.0.0...v6.0.1"><tt>v6.0.0...v6.0.1</tt></a></p> <p>Thank you <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/yetingli/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/yetingli">@ yetingli</a> for the patch and reproduction case!</p> </li> </ul> from <a href="https://redirect.github.com/chalk/ansi-regex/releases">ansi-regex GitHub release notes</a> </details> </details> --- > [!IMPORTANT] > > - Check the changes in this PR to ensure they won't cause issues with your project. > - This PR was automatically created by Snyk using the credentials of a real user. --- **Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs._ **For more information:** <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiI2Yzg2ZmFlNi1kN2I5LTQyNmMtYWU3Yi03MzRhZmRmODZmYjAiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjZjODZmYWU2LWQ3YjktNDI2Yy1hZTdiLTczNGFmZGY4NmZiMCJ9fQ==" width="0" height="0"/> > - 🧐 [View latest project report](https://app.snyk.io/org/oeda/project/1a7ace33-7e4c-495f-8b89-dccaf4d6617a?utm_source=github&utm_medium=referral&page=upgrade-pr) > - 📜 [Customise PR templates](https://docs.snyk.io/scan-using-snyk/pull-requests/snyk-fix-pull-or-merge-requests/customize-pr-templates?utm_source=&utm_content=fix-pr-template) > - 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/oeda/project/1a7ace33-7e4c-495f-8b89-dccaf4d6617a/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr) > - 🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/oeda/project/1a7ace33-7e4c-495f-8b89-dccaf4d6617a/settings/integration?pkg=ansi-regex&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades) [//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"ansi-regex","from":"6.0.1","to":"6.1.0"}],"env":"prod","hasFixes":false,"isBreakingChange":false,"isMajorUpgrade":false,"issuesToFix":[],"prId":"6c86fae6-d7b9-426c-ae7b-734afdf86fb0","prPublicId":"6c86fae6-d7b9-426c-ae7b-734afdf86fb0","packageManager":"npm","priorityScoreList":[],"projectPublicId":"1a7ace33-7e4c-495f-8b89-dccaf4d6617a","projectUrl":"https://app.snyk.io/org/oeda/project/1a7ace33-7e4c-495f-8b89-dccaf4d6617a?utm_source=github&utm_medium=referral&page=upgrade-pr","prType":"upgrade","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":[],"type":"auto","upgrade":[],"upgradeInfo":{"versionsDiff":1,"publishedDate":"2024-09-09T13:57:56.873Z"},"vulns":[]}' Co-authored-by: snyk-bot <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There is no OSC spec, but it appears that most emulators accept
0x1B 0x5Cas anSTcharacter, with0x07and0x9Cas alternatives with a bit less support.This PR updates the regular expression to match all three of
0x1b 0x5C,0x07, and0x9Cas an ST character, and updates the test file accordingly.Choices I made, any of which I'm happy to change if you prefer:
Closes #56