vdk-jupyter: pin word wrap package to newer version because of securi…

…ty issue (#2481) What: Pinned the word-wrap package to version 1.2.4. Why: All versions of the package(<1.2.4) word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable. Signed-off-by: Duygu Hasan [[email protected]](mailto:[email protected])
vmware · Jul 26, 2023 · 0e4c5a9 · 0e4c5a9
1 parent 0c9c790
commit 0e4c5a9
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 4 deletions.
diff --git a/projects/vdk-plugins/vdk-jupyter/vdk-jupyterlab-extension/package-lock.json b/projects/vdk-plugins/vdk-jupyter/vdk-jupyterlab-extension/package-lock.json
diff --git a/projects/vdk-plugins/vdk-jupyter/vdk-jupyterlab-extension/package.json b/projects/vdk-plugins/vdk-jupyter/vdk-jupyterlab-extension/package.json
@@ -90,7 +90,8 @@
     "typescript": "4.1.3",
     "@types/react": "17.0.53",
     "yjs": "^13.5.17",
-    "@jupyterlab/application": "3.6.3"
+    "@jupyterlab/application": "3.6.3",
+    "word-wrap": "1.2.4"
   },
   "devDependencies": {
     "@babel/core": "7.8.0",