[Manual Backport 1.x][CVE-2022-46175] Update json5 to 1.0.2 and 2.2.3 #3335

Merged
merged 2 commits into from
Jan 27, 2023

@ananzh ananzh commented Jan 26, 2023

Description

Bumps json5 version from 1.0.1 and 2.2.1 to 1.0.2 and 2.2.3

Backport PR

#3201

Issue Resolved

#3148

Check List

  • All tests pass
    • yarn test:jest
    • yarn test:jest_integration
    • yarn test:ftr
  • New functionality includes testing.
  • New functionality has been documented.
  • Update CHANGELOG.md
  • Commits are signed per the DCO using --signoff

@ananzh ananzh requested a review from BSFishy January 26, 2023 20:17
@ananzh ananzh added backport 1.3 cve Security vulnerabilities detected by Dependabot or Mend labels Jan 26, 2023
BSFishy
BSFishy previously approved these changes Jan 26, 2023
Bumps json5 version from 1.0.1 and 2.2.1 to 1.0.2 and 2.2.3

Backport PR: opensearch-project#3201
Issue Resolved:
opensearch-project#3148

Signed-off-by: Anan Zhuang <[email protected]>
BSFishy
BSFishy previously approved these changes Jan 26, 2023
@ananzh ananzh changed the title [Manual Backport 1.x][CVE-2022-46175] Bumps json5 [Manual Backport 1.x][CVE-2022-46175] Update json5 to 1.0.2 and 2.2.3 Jan 26, 2023
AMoo-Miki
AMoo-Miki previously approved these changes Jan 27, 2023
abbyhu2000
abbyhu2000 previously approved these changes Jan 27, 2023
@ananzh ananzh dismissed stale reviews from abbyhu2000, AMoo-Miki, and BSFishy via 1d37a94 January 27, 2023 01:03
@codecov-commenter

Codecov Report

Merging #3335 (1d37a94) into 1.x (ff4c6e0) will decrease coverage by 0.05%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##              1.x    #3335      +/-   ##
==========================================
- Coverage   67.49%   67.45%   -0.05%     
==========================================
  Files        3044     3044              
  Lines       58696    58696              
  Branches     8902     8902              
==========================================
- Hits        39617    39591      -26     
- Misses      16931    16952      +21     
- Partials     2148     2153       +5     

| Flag | Coverage Δ |
|---|---|
| Linux | 67.45% <ø> (ø) |
| Windows | ? |

| Impacted Files | Coverage Δ |
|---|---|
| src/dev/build/lib/get_build_number.ts | 57.14% <0.00%> (-42.86%) ⬇️ |
| packages/osd-cross-platform/src/path.ts | 48.83% <0.00%> (-37.21%) ⬇️ |
| ...ges/osd-apm-config-loader/src/config.test.mocks.ts | 91.30% <0.00%> (-8.70%) ⬇️ |
| src/dev/build/lib/config.ts | 79.41% <0.00%> (-5.89%) ⬇️ |
| src/setup_node_env/harden/child_process.js | 84.61% <0.00%> (-3.85%) ⬇️ |
| ...ic/application/models/sense_editor/sense_editor.ts | 64.88% <0.00%> (-0.89%) ⬇️ |

@ananzh ananzh merged commit 0cc894a into opensearch-project:1.x Jan 27, 2023
opensearch-trigger-bot bot pushed a commit that referenced this pull request Jan 27, 2023
…#3335)

Bumps json5 version from 1.0.1 and 2.2.1 to 1.0.2 and 2.2.3

Backport PR: #3201
Issue Resolved:
#3148

Signed-off-by: Anan Zhuang <[email protected]>

Signed-off-by: Anan Zhuang <[email protected]>
(cherry picked from commit 0cc894a)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
@joshuarrrr joshuarrrr added not in release PRs backported to already shipped releases with no future release planned v1.3.8 and removed not in release PRs backported to already shipped releases with no future release planned labels Mar 6, 2023
6 participants