Merge pull request #40 from aws-solutions/release/v1.2.6

Update to version v1.2.6
aws-solutions · Nov 21, 2024 · 91ed869 · 91ed869
2 parents b7b230b + e25240e
commit 91ed869
Show file tree

Hide file tree

Showing 8 changed files with 50 additions and 42 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,14 +5,23 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.2.6] - 2024-11-21
+
+### Changed
+
+- Library updates to address [Regular Expression Denial of Service (ReDoS) in cross-spawn](https://avd.aquasec.com/nvd/cve-2024-21538)
+- Library updates to address [micromatch: vulnerable to Regular Expression Denial of Service](https://avd.aquasec.com/nvd/cve-2024-4067)
+
 ## [1.2.5] - 2024-06-20
 
 ### Changed
+
 - Library updates to address [braces: fails to limit the number of characters it can handle](https://avd.aquasec.com/nvd/2024/cve-2024-4068/)
 
 ## [1.2.4] - 2023-10-23
 
 ### Changed
+
 - Library updates to address [Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code](https://nvd.nist.gov/vuln/detail/CVE-2023-45133)
 
 ## [1.2.3] - 2023-10-12
@@ -29,7 +38,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Library updates to address [xml2js is vulnerable to prototype pollution](https://cwe.mitre.org/data/definitions/1321.html)
 - Library updates to address [http-cache-semantics vulnerable to Regular Expression Denial of Service](https://cwe.mitre.org/data/definitions/1333.html)
 
-
 ## [1.2.1] - 2023-01-13
 
 ### Changed

diff --git a/SECURITY.md b/SECURITY.md
@@ -1,5 +1,5 @@
-Reporting Security Issues
-----------------------------------------------------------------------------------------------------------
+## Reporting Security Issues
+
 We take all security reports seriously. When we receive such reports, we will investigate and
 subsequently address any potential vulnerabilities as quickly as possible. If you discover a potential
 security issue in this project, please notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/) or

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -2,7 +2,7 @@
   "name": "cw-monitoring-framework",
   "description": "AWS Horus - A CloudWatch Monitoring Framework",
   "license": "Apache-2.0",
-  "version": "1.2.5",
+  "version": "1.2.6",
   "scripts": {
     "lint": "./node_modules/eslint/bin/eslint.js . --ext .ts",
     "prettier-format": "./node_modules/prettier/bin-prettier.js --config .prettierrc.yml '**/*.ts' --write",
@@ -22,4 +22,4 @@
     "prettier": "^3.0.3",
     "typescript": "^5.2.2"
   }
-}
+}
diff --git a/source/resources/package-lock.json b/source/resources/package-lock.json
diff --git a/source/services/dashboardHandler/package-lock.json b/source/services/dashboardHandler/package-lock.json
diff --git a/source/services/helper/package-lock.json b/source/services/helper/package-lock.json
diff --git a/source/services/tagHandler/package-lock.json b/source/services/tagHandler/package-lock.json