🔒 Upgrade fast-xml-parser to 4.2.5 to fix regex vulnerability securit…

…y issue.
bojieyang · Jun 25, 2023 · 054229e · 054229e
1 parent 06f7d27
commit 054229e
Show file tree

Hide file tree

Showing 5 changed files with 18 additions and 14 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [1.1.2] - 2023-06-25
+
+### Security
+
+- Upgrade fast-xml-parser to 4.2.5 to fix regex vulnerability security issue.
+
 ## [1.1.1] - 2023-06-07
 
 ### Security

diff --git a/dist/index.js b/dist/index.js
@@ -2733,7 +2733,9 @@ module.exports = toXml;
 /***/ }),
 
 /***/ 6072:
-/***/ ((module) => {
+/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => {
+
+const util = __nccwpck_require__(8280);
 
 //TODO: handle comments
 function readDocType(xmlData, i){
@@ -2877,20 +2879,16 @@ function isNotation(xmlData, i){
     return false
 }
 
-//an entity name should not contains special characters that may be used in regex
-//Eg !?\\\/[]$%{}^&*()<>
-const specialChar = "!?\\\/[]$%{}^&*()<>|+";
-
 function validateEntityName(name){
-    for (let i = 0; i < specialChar.length; i++) {
-        const ch = specialChar[i];
-        if(name.indexOf(ch) !== -1) throw new Error(`Invalid character ${ch} in entity name`);
-    }
-    return name;
+    if (util.isName(name))
+	return name;
+    else
+        throw new Error(`Invalid entity name ${name}`);
 }
 
 module.exports = readDocType;
 
+
 /***/ }),
 
 /***/ 6993:

diff --git a/dist/index.js.map b/dist/index.js.map
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "indexnow-action",
-  "version": "1.1.1",
+  "version": "1.1.2",
   "description": "Automatically submit URLs through the IndexNow protocol.",
   "main": "index.js",
   "engines": {