Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[CVE] Bump loader-utils to 2.0.4 to fix CVE-2022-37599 and CVE-2022-37603 #2995

Merged
merged 1 commit into from
Dec 1, 2022

Conversation

ZilongX
Copy link
Collaborator

@ZilongX ZilongX commented Dec 1, 2022

Signed-off-by: Zilong Xia [email protected]

Description

Issues Resolved

Resolved #2560

Check List

  • All tests pass
    • yarn test:jest
    • yarn test:jest_integration
    • yarn test:ftr
  • New functionality includes testing.
  • New functionality has been documented.
  • Update CHANGELOG.md
  • Commits are signed per the DCO using --signoff

@ZilongX ZilongX added v1.3.7 Mend: dependency security vulnerability Security vulnerability detected by Mend cve Security vulnerabilities detected by Dependabot or Mend labels Dec 1, 2022
@zhongnansu
Copy link
Member

waiting for CI to pass, then I'll merge

@AMoo-Miki AMoo-Miki merged commit 38a30df into opensearch-project:1.x Dec 1, 2022
opensearch-trigger-bot bot pushed a commit that referenced this pull request Dec 1, 2022
…7603 (#2995)

Signed-off-by: Zilong Xia <[email protected]>

Signed-off-by: Zilong Xia <[email protected]>
(cherry picked from commit 38a30df)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
AMoo-Miki pushed a commit that referenced this pull request Dec 2, 2022
…7603 (#2995) (#3002)

Signed-off-by: Zilong Xia <[email protected]>

Signed-off-by: Zilong Xia <[email protected]>
(cherry picked from commit 38a30df)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

Signed-off-by: Zilong Xia <[email protected]>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport 1.3 cve Security vulnerabilities detected by Dependabot or Mend Mend: dependency security vulnerability Security vulnerability detected by Mend v1.3.7
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants