From 48b8f1125add1dc1400ef47f9b4c2ad15bdb219e Mon Sep 17 00:00:00 2001
From: Anan Zhuang
Date: Thu, 29 Sep 2022 17:42:00 +0000
Subject: [PATCH] [Backport 1.x] Resolve sub-dependent d3-color version

* Addresses potential ReDoS issue from d3-color version < 3.1.0
backport PR: https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2454
Signed-off-by: Anan Zhuang
---
 package.json | 3 ++-
 src/dev/jest/config.js | 4 ++--
 yarn.lock | 13 ++++---------
 3 files changed, 8 insertions(+), 12 deletions(-)

diff --git a/package.json b/package.json
index 97fd9b2a6a69..a5288d6a514f 100644
--- a/package.json
+++ b/package.json
@@ -78,6 +78,7 @@
 "**/@types/node": ">=10.17.17 <10.20.0",
 "**/ansi-regex": "^5.0.1",
 "**/axios": "^0.21.4",
+ "**/d3-color": "^3.1.0",
 "**/ejs": "^3.1.6",
 "**/front-matter": "^4.0.2",
 "**/glob-parent": "^6.0.0",
@@ -475,4 +476,4 @@
 "node": "10.24.1",
 "yarn": "^1.21.1"
 }
-}
+}
\ No newline at end of file
diff --git a/src/dev/jest/config.js b/src/dev/jest/config.js
index 88cfaa835801..340fbfc35180 100644
--- a/src/dev/jest/config.js
+++ b/src/dev/jest/config.js
@@ -105,9 +105,9 @@ export default {
 '^.+\\.html?$': 'jest-raw-loader',
 },
 transformIgnorePatterns: [
- // ignore all node_modules except monaco-editor which requires babel transforms to handle dynamic import()
+ // ignore all node_modules except those which require babel transforms to handle dynamic import()
 // since ESM modules are not natively supported in Jest yet (https://github.com/facebook/jest/issues/4842)
- '[/\\\\]node_modules(?![\\/\\\\]monaco-editor)[/\\\\].+\\.js$',
+ '[/\\\\]node_modules(?![\\/\\\\](monaco-editor|d3-color))[/\\\\].+\\.js$',
 'packages/osd-pm/dist/index.js',
 ],
 snapshotSerializers: [
diff --git a/yarn.lock b/yarn.lock
index eedec5db606a..c1121d2b977f 100644
--- a/yarn.lock
+++ b/yarn.lock
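Review bot: The added `"**/d3-color": "^3.1.0"` resolution answers every `d3-color@1`, `d3-color@1 - 2` and `d3-color@^2.0.0` request with 3.1.0, so dependents that only declared support for 1.x or 2.x now run against a major version they never opted into. That removes the copies the commit message ties to the ReDoS issue, but the jest change in this same commit suggests 3.x ships as untranspiled ES modules while the `engines` entry in the next hunk still pins Node `10.24.1`, so a server-side `require` of d3-color would presumably fail at load time; it is worth confirming the package is only reached through the browser bundle. Running `yarn why d3-color` after install should show a single 3.1.0 copy. Because package.json cannot hold a comment, the reason for the pin and the condition for dropping it should be recorded in the upgrade notes.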
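Review bot: The widened lookahead `(?![\\/\\\\](monaco-editor|d3-color))` in `transformIgnorePatterns` is a prefix match with no closing separator, so any package directory whose name merely starts with `d3-color` or `monaco-editor` is also pulled into the babel transform; ending the group with a separator keeps it exact: `'[/\\\\]node_modules(?![\\/\\\\](monaco-editor|d3-color)[/\\\\])[/\\\\].+\\.js$'`. The pattern can also match at an outer `node_modules` segment, so a d3-color copy nested under another package would still be ignored and left untransformed; the single merged lockfile entry makes that unlikely here, but it is a trap for the next package added to the list. The reworded comment still names dynamic `import()` as the reason, which appears to describe monaco-editor rather than d3-color, so something like `// ignore all node_modules except ESM-only packages that need babel transforms` would cover both. The enclosing `export default {` object begins and ends outside the hunk.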
@@ -8548,15 +8548,10 @@ d3-collection@1, d3-collection@^1.0.7: resolved "https://registry.yarnpkg.com/d3-collection/-/d3-collection-1.0.7.tgz#349bd2aa9977db071091c13144d5e4f16b5b310e" integrity sha512-ii0/r5f4sjKNTfh84Di+DpztYwqKhEyUlKoPrzUFfeSkWxjW49xU2QzO9qrPrNkpdI0XJkfzvmTu8V2Zylln6A== -d3-color@1, "d3-color@1 - 2", d3-color@^1.4.0: - version "1.4.1" - resolved "https://registry.yarnpkg.com/d3-color/-/d3-color-1.4.1.tgz#c52002bf8846ada4424d55d97982fef26eb3bc8a" - integrity sha512-p2sTHSLCJI2QKunbGb7ocOh7DgTAn8IrLx21QRc/BSnodXM4sv6aLQlnfpvehFMLZEfBc6g9pH9SWQccFYfJ9Q== - -d3-color@^2.0.0: - version "2.0.0" - resolved "https://registry.yarnpkg.com/d3-color/-/d3-color-2.0.0.tgz#8d625cab42ed9b8f601a1760a389f7ea9189d62e" - integrity sha512-SPXi0TSKPD4g9tw0NMZFnR95XVgUZiBH+uUTqQuDu1OsE2zomHU7ho0FISciaPvosimixwHFl3WHLGabv6dDgQ== +d3-color@1, "d3-color@1 - 2", d3-color@^1.4.0, d3-color@^2.0.0, d3-color@^3.1.0: + version "3.1.0" + resolved "https://registry.yarnpkg.com/d3-color/-/d3-color-3.1.0.tgz#395b2833dfac71507f12ac2f7af23bf819de24e2" + integrity sha512-zg/chbXyeBtMQ1LbD/WSoW2DpC3I0mpmPdW+ynRTj/x2DAWYrIY7qeZIHidozwV24m4iavr15lNwIwLxRmOxhA== d3-delaunay@^5.3.0: version "5.3.0"