From 2e4a4cd7b53cb41e0f391689f16482f6c25af5c3 Mon Sep 17 00:00:00 2001 From: Kawika Avilla Date: Wed, 11 May 2022 20:08:08 +0000 Subject: [PATCH] [CVE] Resolves grunt to 1.5.3 Addresses CVE-2022-1537 Issue: https://github.com/opensearch-project/OpenSearch-Dashboards/issues/1579 Signed-off-by: Kawika Avilla --- release-notes/opensearch-dashboards.release-notes-2.0.0.md | 1 + yarn.lock | 6 +++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/release-notes/opensearch-dashboards.release-notes-2.0.0.md b/release-notes/opensearch-dashboards.release-notes-2.0.0.md index ea51413a084f..3eefb8c8bbfb 100644 --- a/release-notes/opensearch-dashboards.release-notes-2.0.0.md +++ b/release-notes/opensearch-dashboards.release-notes-2.0.0.md @@ -18,6 +18,7 @@ * Removes UI Framework KUI doc site ([#1379](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/1379)) ### 🛡 Security +* [CVE-2022-1537] Resolves grunt to 1.5.3 ([#1580](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/1580)) * [CVE-2022-1214] Bumps chromedriver to v100 and axios to v0.27.2 ([#1552](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/1552)) * [CVE-2021-44531] [CVE-2022-21824] [CVE-2022-0778] [CVE-2021-44532] [CVE-2021-44533] Bumps Node.js from v14.18.2 to v14.19.1 ([#1487](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/1487)) * [CVE-2022-0436] Bumps grunt from v1.4.1 to v1.5.2 ([#1451](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/1451)) diff --git a/yarn.lock b/yarn.lock index 5c4347de5f3e..c0bd12420ec6 100644 --- a/yarn.lock +++ b/yarn.lock @@ -9498,9 +9498,9 @@ grunt-run@^0.8.1: strip-ansi "^3.0.0" grunt@^1.5.2: - version "1.5.2" - resolved "https://registry.yarnpkg.com/grunt/-/grunt-1.5.2.tgz#46b014e28d17c85baac19d5e891bb3f04923c098" - integrity sha512-XCtfaIu72OyDqK24MjWiGC9SwlkuhkS1mrULr1xzuJ2XqAFhP3ZAchZGHJeSCY6mkaOXU4F7SbmmCF7xIVoC9w== + version "1.5.3" + resolved "https://registry.yarnpkg.com/grunt/-/grunt-1.5.3.tgz#3214101d11257b7e83cf2b38ea173b824deab76a" + integrity sha512-mKwmo4X2d8/4c/BmcOETHek675uOqw0RuA/zy12jaspWqvTp4+ZeQF1W+OTpcbncnaBsfbQJ6l0l4j+Sn/GmaQ== dependencies: dateformat "~3.0.3" eventemitter2 "~0.4.13"