From f62074aa0dceebcee8e328b7ca6113d306c27c0a Mon Sep 17 00:00:00 2001 From: Anan Zhuang Date: Fri, 27 Jan 2023 03:14:59 +0000 Subject: [PATCH] [Manual Backport 2.x][CVE-2022-25860] Bumps simple-git from 3.15.1 to 3.16.0 Backport PR https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3345 Issue Resolved https://github.com/opensearch-project/OpenSearch-Dashboards/issues/3329 Signed-off-by: Anan Zhuang --- CHANGELOG.md | 1 + package.json | 2 +- packages/osd-opensearch/package.json | 2 +- yarn.lock | 8 ++++---- 4 files changed, 7 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index cc4481aa527f..76f081bc2a8a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) ### 🛡 Security - [CVE-2022-37601][CVE-2022-37599] Bump loader-utils to 2.0.4 ([#3318](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3318)) +- [CVE-2022-25860] Bumps simple-git from 3.15.1 to 3.16.0 ([#3345](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3345)) ### 📈 Features/Enhancements diff --git a/package.json b/package.json index bc5d61123065..402a5e7fff71 100644 --- a/package.json +++ b/package.json @@ -437,7 +437,7 @@ "reselect": "^4.0.0", "resize-observer-polyfill": "^1.5.1", "selenium-webdriver": "^4.0.0-alpha.7", - "simple-git": "^3.15.0", + "simple-git": "^3.16.0", "sinon": "^7.4.2", "strip-ansi": "^6.0.0", "stylelint": "^14.5.2", diff --git a/packages/osd-opensearch/package.json b/packages/osd-opensearch/package.json index 740c4fd7fab9..88a6733757a6 100644 --- a/packages/osd-opensearch/package.json +++ b/packages/osd-opensearch/package.json @@ -22,7 +22,7 @@ "getopts": "^2.2.5", "glob": "^7.1.7", "node-fetch": "^2.6.7", - "simple-git": "^3.15.0", + "simple-git": "^3.16.0", "tar-fs": "^2.1.0", "tree-kill": "^1.2.2", "yauzl": "^2.10.0" diff --git a/yarn.lock b/yarn.lock index 34381d989328..29102f47b90a 100644 --- a/yarn.lock +++ b/yarn.lock @@ -15824,10 +15824,10 @@ signal-exit@^3.0.0, signal-exit@^3.0.2, signal-exit@^3.0.3, signal-exit@^3.0.7: resolved "https://registry.yarnpkg.com/signal-exit/-/signal-exit-3.0.7.tgz#a9a1767f8af84155114eaabd73f99273c8f59ad9" integrity sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ== -simple-git@^3.15.0: - version "3.15.1" - resolved "https://registry.yarnpkg.com/simple-git/-/simple-git-3.15.1.tgz#57f595682cb0c2475d5056da078a05c8715a25ef" - integrity sha512-73MVa5984t/JP4JcQt0oZlKGr42ROYWC3BcUZfuHtT3IHKPspIvL0cZBnvPXF7LL3S/qVeVHVdYYmJ3LOTw4Rg== +simple-git@^3.16.0: + version "3.16.0" + resolved "https://registry.yarnpkg.com/simple-git/-/simple-git-3.16.0.tgz#421773e24680f5716999cc4a1d60127b4b6a9dec" + integrity sha512-zuWYsOLEhbJRWVxpjdiXl6eyAyGo/KzVW+KFhhw9MqEEJttcq+32jTWSGyxTdf9e/YCohxRE+9xpWFj9FdiJNw== dependencies: "@kwsites/file-exists" "^1.1.1" "@kwsites/promise-deferred" "^1.1.1"