[Manual Backport 2.x][CVE-2023-26486][CVE-2023-26487] Bump vega from …

…5.22.1 to 5.23.0

Bump vega from 5.22.1 to 5.23.0. This will also bump vega-function
from 5.13.0 to 5.13.1.

Backport PR:
https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3533/files

Issue Resolved:
opensearch-project#3526
opensearch-project#3525

Signed-off-by: Anan Zhuang <[email protected]>

CHANGELOG.md

@@ -13,6 +13,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - [CVE-2023-25166] Bump formula from 3.0.0 to 3.0.1 ([#3416](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3416))
 - [CVE-2022-25758][CVE-2020-24025] Bump node-sass to 7.0.3 and sass-loader to 10.4.1 in 2.x ([#3455](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3455))
 - [CVE-2022-24999] Resolve qs from 6.5.3 to 6.11.0 ([#3450](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3450))
+- [CVE-2023-26486][CVE-2023-26487] Bump vega from 5.22.1 to 5.23.0 ([#3533](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3533))
 
 ### 📈 Features/Enhancements
 

package.json

@@ -456,7 +456,7 @@
     "tree-kill": "^1.2.2",
     "typescript": "4.0.2",
     "ui-select": "0.19.8",
-    "vega": "^5.17.3",
+    "vega": "^5.23.0",
     "vega-interpreter": "npm:@amoo-miki/[email protected]",
     "vega-lite": "^4.16.8",
     "vega-lite-next": "npm:vega-lite@^5.6.0",

packages/osd-optimizer/src/worker/webpack.config.ts

@@ -89,7 +89,7 @@ export function getWebpackConfig(bundle: Bundle, bundleRefs: BundleRefs, worker:
       // already bundled with all its necessary depedencies
       noParse: [
         /[\/\\]node_modules[\/\\]lodash[\/\\]index\.js$/,
-        /[\/\\]node_modules[\/\\]vega[\/\\]build[\/\\]vega\.js$/,
+        /[\/\\]node_modules[\/\\]vega[\/\\]build-es5[\/\\]vega\.js$/,
       ],
 
       rules: [