Skip to content

Commit

Permalink
[backport 1.x] bump shelljs from 0.8.4 to 0.8.5 (#2511)
Browse files Browse the repository at this point in the history
Resolves CVE-2022-0144 by bumping package shelljs to 0.8.5

Signed-off-by: Anan Zhuang <[email protected]>
(cherry picked from commit 38790c5)
  • Loading branch information
ananzh authored and github-actions[bot] committed Oct 6, 2022
1 parent 377e1f0 commit 2794387
Show file tree
Hide file tree
Showing 4 changed files with 10 additions and 26 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
### Deprecations

### 🛡 Security
* [CVE-2022-0144] Bump shelljs from 0.8.4 to 0.8.5 ([#2511](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2511))

### 📈 Features/Enhancements

Expand Down
5 changes: 3 additions & 2 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -100,7 +100,8 @@
"**/trim": "^0.0.3",
"**/trim-newlines": "^3.0.1",
"**/typescript": "4.0.2",
"**/url-parse": "^1.5.8"
"**/url-parse": "^1.5.8",
"**/shelljs": "0.8.5"
},
"workspaces": {
"packages": [
Expand Down Expand Up @@ -475,4 +476,4 @@
"node": "10.24.1",
"yarn": "^1.21.1"
}
}
}
1 change: 1 addition & 0 deletions release-notes/opensearch-dashboards.release-notes-1.3.6.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@
* [CVE-2022-23713] Handle invalid query, index and date in vega charts filter handlers ([#1932](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/1932))
* Use a forced CSP-compliant interpreter with Vega visualizations ([#2352](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2352))
* Bump moment-timezone from 0.5.34 to 0.5.37 ([#2361](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2361))
* [CVE-2022-0144] Bump shelljs from 0.8.4 to 0.8.5 ([#2511](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2511))

### 🚞 Infrastructure

Expand Down
29 changes: 5 additions & 24 deletions yarn.lock
Original file line number Diff line number Diff line change
Expand Up @@ -7096,11 +7096,6 @@ case-sensitive-paths-webpack-plugin@^2.2.0:
resolved "https://registry.yarnpkg.com/case-sensitive-paths-webpack-plugin/-/case-sensitive-paths-webpack-plugin-2.2.0.tgz#3371ef6365ef9c25fa4b81c16ace0e9c7dc58c3e"
integrity sha512-u5ElzokS8A1pm9vM3/iDgTcI3xqHxuCao94Oz8etI3cf0Tio0p8izkDYbTIn09uP3yUUr6+veaE6IkjnTYS46g==

caniuse-lite@^1.0.30001317:
version "1.0.30001397"
resolved "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001397.tgz"
integrity sha512-SW9N2TbCdLf0eiNDRrrQXx2sOkaakNZbCjgNpPyMJJbiOrU5QzMIrXOVMRM1myBXTD5iTkdrtU/EguCrBocHlA==

caseless@~0.12.0:
version "0.12.0"
resolved "https://registry.yarnpkg.com/caseless/-/caseless-0.12.0.tgz#1b681c21ff84033c826543090689420d187151dc"
Expand Down Expand Up @@ -17170,7 +17165,7 @@ module-details-from-path@^1.0.3:
resolved "https://registry.yarnpkg.com/module-details-from-path/-/module-details-from-path-1.0.3.tgz#114c949673e2a8a35e9d35788527aa37b679da2b"
integrity sha1-EUyUlnPiqKNenTV4hSeqN7Z52is=

moment-timezone@*, moment-timezone@^0.5.27:
moment-timezone@^0.5.27:
version "0.5.37"
resolved "https://registry.yarnpkg.com/moment-timezone/-/moment-timezone-0.5.37.tgz#adf97f719c4e458fdb12e2b4e87b8bec9f4eef1e"
integrity sha512-uEDzDNFhfaywRl+vwXxffjjq1q0Vzr+fcQpQ1bU0kbzorfS7zVtZnCnGc8mhWmF39d4g4YriF6kwA75mJKE/Zg==
Expand Down Expand Up @@ -21667,24 +21662,10 @@ [email protected]:
resolved "https://registry.yarnpkg.com/shell-quote/-/shell-quote-1.7.2.tgz#67a7d02c76c9da24f99d20808fcaded0e0e04be2"
integrity sha512-mRz/m/JVscCrkMyPqHc/bczi3OQHkLTqXHEFu0zDhK/qfv3UcOA4SVmRCLmos4bhjr9ekVQubj/R7waKapmiQg==

shelljs@^0.6.0:
version "0.6.1"
resolved "https://registry.yarnpkg.com/shelljs/-/shelljs-0.6.1.tgz#ec6211bed1920442088fe0f70b2837232ed2c8a8"
integrity sha1-7GIRvtGSBEIIj+D3Cyg3Iy7SyKg=

shelljs@^0.8.3:
version "0.8.3"
resolved "https://registry.yarnpkg.com/shelljs/-/shelljs-0.8.3.tgz#a7f3319520ebf09ee81275b2368adb286659b097"
integrity sha512-fc0BKlAWiLpwZljmOvAOTE/gXawtCoNrP5oaY7KIaQbbyHeQVg01pSEuEGvGh3HEdBU4baCD7wQBwADmM/7f7A==
dependencies:
glob "^7.0.0"
interpret "^1.0.0"
rechoir "^0.6.2"

shelljs@^0.8.4, shelljs@~0.8:
version "0.8.4"
resolved "https://registry.yarnpkg.com/shelljs/-/shelljs-0.8.4.tgz#de7684feeb767f8716b326078a8a00875890e3c2"
integrity sha512-7gk3UZ9kOfPLIAbslLzyWeGiEqx9e3rxwZM0KE6EL8GlGwjym9Mrlx5/p33bWTu9YG6vcS4MBxYZDHYr5lr8BQ==
[email protected], shelljs@^0.6.0, shelljs@^0.8.3, shelljs@^0.8.4, shelljs@~0.8:
version "0.8.5"
resolved "https://registry.yarnpkg.com/shelljs/-/shelljs-0.8.5.tgz#de055408d8361bed66c669d2f000538ced8ee20c"
integrity sha512-TiwcRcrkhHvbrZbnRcFYMLl30Dfov3HKqzp5tO5b4pt6G/SezKcYhmDg15zXVBswHmctSAQKznqNW2LO5tTDow==
dependencies:
glob "^7.0.0"
interpret "^1.0.0"
Expand Down

0 comments on commit 2794387

Please sign in to comment.