https://community.esri.com/t5/arcgis-rest-apis-and-services-questions/luxon-inefficient-regular-expression-complexity/m-p/1252453#M4361 <P>Any traction on this from esri yet?</P> Fri, 27 Jan 2023 18:23:03 GMT René_Ténière 2023-01-27T18:23:03Z https://community.esri.com/t5/arcgis-rest-apis-and-services-questions/luxon-inefficient-regular-expression-complexity/m-p/1249329#M4347 <P>Hello</P><P>I'm getting an error&nbsp; today in my pipeline that runs npm audit -prod</P><P>luxon 2.0.0 - 2.5.1<BR />Severity: high<BR />Luxon Inefficient Regular Expression Complexity vulnerability - <A href="https://github.com/advisories/GHSA-3xq5-wjfh-ppjc" target="_blank" rel="noopener">https://github.com/advisories/GHSA-3xq5-wjfh-ppjc</A><BR />fix available via `npm audit fix --force`<BR />Will install <a href="https://community.esri.com/t5/user/viewprofilepage/user-id/642472">@ArcGIS</a>/core@4.25.5, which is outside the stated dependency range<BR />node_modules/luxon<BR /><a href="https://community.esri.com/t5/user/viewprofilepage/user-id/642472">@ArcGIS</a>/core 4.21.0-next.20210721 - 4.25.0-next.20221108<BR />Depends on vulnerable versions of luxon<BR />node_modules/@arcgis/core</P><P>All version of ArcGis are using luxon versions that have this vulnerability. In git hub for luxon it says to update to newer versions</P><P><A href="https://github.com/advisories/GHSA-3xq5-wjfh-ppjc" target="_blank" rel="noopener">https://github.com/advisories/GHSA-3xq5-wjfh-ppjc</A></P><P>Is ArcGis going to release an update soon? if not i cannot release my app since i'm not allowed to deploy high severity vulnerabilities.<BR />Is there a work around while you work on an upgrade?</P><P>Thank you</P><P>Fabian</P> Thu, 19 Jan 2023 00:37:09 GMT https://community.esri.com/t5/arcgis-rest-apis-and-services-questions/luxon-inefficient-regular-expression-complexity/m-p/1249329#M4347 FabianHanggi 2023-01-19T00:37:09Z https://community.esri.com/t5/arcgis-rest-apis-and-services-questions/luxon-inefficient-regular-expression-complexity/m-p/1249718#M4348 <P>Also encountering this issue</P> Thu, 19 Jan 2023 21:45:07 GMT https://community.esri.com/t5/arcgis-rest-apis-and-services-questions/luxon-inefficient-regular-expression-complexity/m-p/1249718#M4348 Stacy-Rendall 2023-01-19T21:45:07Z https://community.esri.com/t5/arcgis-rest-apis-and-services-questions/luxon-inefficient-regular-expression-complexity/m-p/1252381#M4360 <P>Same issue here.</P> Fri, 27 Jan 2023 15:50:10 GMT https://community.esri.com/t5/arcgis-rest-apis-and-services-questions/luxon-inefficient-regular-expression-complexity/m-p/1252381#M4360 Anonymous User 2023-01-27T15:50:10Z https://community.esri.com/t5/arcgis-rest-apis-and-services-questions/luxon-inefficient-regular-expression-complexity/m-p/1252453#M4361 <P>Any traction on this from esri yet?</P> Fri, 27 Jan 2023 18:23:03 GMT https://community.esri.com/t5/arcgis-rest-apis-and-services-questions/luxon-inefficient-regular-expression-complexity/m-p/1252453#M4361 René_Ténière 2023-01-27T18:23:03Z https://community.esri.com/t5/arcgis-rest-apis-and-services-questions/luxon-inefficient-regular-expression-complexity/m-p/1252585#M4362 <P>Response from ESRI support</P><P>&nbsp;</P><P>Hello Fabian,<BR /><BR />I did receive a response from Esri inc. and this issue&nbsp;has already been resolved in the next release. When the next release comes out you will just need to upgrade. The next release has been updated to 3.2.1.<BR /><BR />The next release of the JavaScript SDK is scheduled for late February or early march of 2023.<BR /><BR />Let me know if you have any further questions.<BR /><BR /><BR />Thank you,<BR />Victor C.<BR />Esri Canada<BR /><BR /></P> Fri, 27 Jan 2023 23:59:38 GMT https://community.esri.com/t5/arcgis-rest-apis-and-services-questions/luxon-inefficient-regular-expression-complexity/m-p/1252585#M4362 FabianHanggi 2023-01-27T23:59:38Z https://community.esri.com/t5/arcgis-rest-apis-and-services-questions/luxon-inefficient-regular-expression-complexity/m-p/1253581#M4367 <P>4.26&nbsp;does not depend on version(s) of the Luxon module affected by CVE-2023-22467.<BR /><BR />You can validate this by installing the 4.26 release using the following command:</P><P>&nbsp;npm install <a href="https://community.esri.com/t5/user/viewprofilepage/user-id/642472">@ArcGIS</a>/core@next</P> Tue, 31 Jan 2023 22:18:32 GMT https://community.esri.com/t5/arcgis-rest-apis-and-services-questions/luxon-inefficient-regular-expression-complexity/m-p/1253581#M4367 Anonymous User 2023-01-31T22:18:32Z https://community.esri.com/t5/arcgis-rest-apis-and-services-questions/luxon-inefficient-regular-expression-complexity/m-p/1253810#M4370 <P>I am still in development so I will wait for the official release.</P> Wed, 01 Feb 2023 14:19:30 GMT https://community.esri.com/t5/arcgis-rest-apis-and-services-questions/luxon-inefficient-regular-expression-complexity/m-p/1253810#M4370 René_Ténière 2023-02-01T14:19:30Z https://community.esri.com/t5/arcgis-rest-apis-and-services-questions/luxon-inefficient-regular-expression-complexity/m-p/1267817#M4407 <P>Just installed 4.26.5. This issue has been resolved</P> Tue, 14 Mar 2023 22:09:38 GMT https://community.esri.com/t5/arcgis-rest-apis-and-services-questions/luxon-inefficient-regular-expression-complexity/m-p/1267817#M4407 FabianHanggi 2023-03-14T22:09:38Z