[CVE-2024-4067][CVE-2024-4068] Bump packages dependent on braces versions lower than 3.0.3 (#792)

Bumped:
* `braces` from 3.0.2 to 3.0.3
* `micromatch` from 4.0.4 to 4.0.7
* `picomatch` from 2.3.0 to 2.3.1

Also bumped:
* `json11` from 1.0.4 to 1.1.2
* `graceful-fs` from 4.2.8 to 4.2.10

Also patch-bumped the package to v2.9.1

Signed-off-by: Miki <[email protected]>
AMoo-Miki authored Jun 7, 2024
1 parent fb13781 commit 1564a3e
Showing 3 changed files with 34 additions and 30 deletions.
9 changes: 9 additions & 0 deletions CHANGELOG.md
Expand Up @@ -11,6 +11,15 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
### Fixed
### Security

## [2.9.1]
### Dependencies
- Bumps `json11` from 1.0.4 to 1.1.2
- Bumps `graceful-fs` from 4.2.8 to 4.2.10
- Bumps `picomatch` from 2.3.0 to 2.3.1
### Security
- [CVE-2024-4068] Bumps `braces` from 3.0.2 to 3.0.3
- [CVE-2024-4067] Bumps `micromatch` from 4.0.4 to 4.0.7

## [2.9.0]
### Dependencies
- Bumps `@aws-sdk/types` from 3.535.0 to 3.577.0
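
Review bot: The new `## [2.9.1]` section omits the `fill-range` bump from 7.0.1 to 7.1.1 that this commit's yarn.lock carries as a dependency of `braces` 3.0.3. Add a line for it under `### Dependencies` so the changelog matches the lockfile, in the same form as the other entries: "- Bumps `fill-range` from 7.0.1 to 7.1.1".
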
4 changes: 2 additions & 2 deletions package.json
Expand Up @@ -30,7 +30,7 @@
}
},
"homepage": "https://www.opensearch.org/",
"version": "2.9.0",
"version": "2.9.1",
"versionCanary": "7.10.0-canary.6",
"keywords": [
"opensearch",
Expand Down Expand Up @@ -98,7 +98,7 @@
"xmlbuilder2": "^3.0.2"
},
"dependencies": {
"json11": "^1.0.4",
"json11": "^1.1.2",
"aws4": "^1.11.0",
"debug": "^4.3.1",
"hpagent": "^1.2.0",
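
Review bot: The `json11` range change from `^1.0.4` to `^1.1.2` under `dependencies` is unrelated to either CVE named in the commit title, yet it raises the minimum runtime version for every consumer inside a patch release. Consider moving it to its own commit, or state in the CHANGELOG entry what the package needs from 1.1.x, so the security fix can be reviewed and backported on its own.
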
51 changes: 23 additions & 28 deletions yarn.lock
Expand Up @@ -874,12 +874,12 @@ brace-expansion@^2.0.1:
dependencies:
balanced-match "^1.0.0"

braces@^3.0.1, braces@~3.0.2:
version "3.0.2"
resolved "https://registry.yarnpkg.com/braces/-/braces-3.0.2.tgz#3454e1a462ee8d599e236df336cd9ea4f8afe107"
integrity sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==
braces@^3.0.3, braces@~3.0.2:
version "3.0.3"
resolved "https://registry.yarnpkg.com/braces/-/braces-3.0.3.tgz#490332f40919452272d55a8480adc0c441358789"
integrity sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==
dependencies:
fill-range "^7.0.1"
fill-range "^7.1.1"

browserslist@^4.16.6:
version "4.16.7"
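
Review bot: `braces` changes only in yarn.lock here, and the package.json hunks in this commit touch nothing but `version` and `json11`, so the CVE-2024-4068 fix looks like a lockfile-only change that reaches installs made from this repository rather than what consumers of the published package resolve. Say in the CHANGELOG entry whether `braces` sits on a development-only chain. Note also that the `~3.0.2` range kept in the key `braces@^3.0.3, braces@~3.0.2` still admits 3.0.2, so the floor for that requester is unchanged and only this lock entry pins it to 3.0.3.
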
Expand Down Expand Up @@ -1584,10 +1584,10 @@ file-entry-cache@^6.0.1:
dependencies:
flat-cache "^3.0.4"

fill-range@^7.0.1:
version "7.0.1"
resolved "https://registry.yarnpkg.com/fill-range/-/fill-range-7.0.1.tgz#1919a6a7c75fe38b2c7c77e5198535da9acdda40"
integrity sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==
fill-range@^7.1.1:
version "7.1.1"
resolved "https://registry.yarnpkg.com/fill-range/-/fill-range-7.1.1.tgz#44265d3cac07e3ea7dc247516380643754a05292"
integrity sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==
dependencies:
to-regex-range "^5.0.1"

Expand Down Expand Up @@ -1781,12 +1781,7 @@ globby@^11.0.1:
merge2 "^1.3.0"
slash "^3.0.0"

graceful-fs@^4.1.15, graceful-fs@^4.1.2:
version "4.2.8"
resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.2.8.tgz#e412b8d33f5e006593cbd3cee6df9f2cebbe802a"
integrity sha512-qkIilPUYcNhJpd33n0GBXTB1MMPp14TxEsEs0pTrsSVucApsYzW5V+Q8Qxhik6KU3evy+qkAAowTByymK0avdg==

graceful-fs@^4.1.9:
graceful-fs@^4.1.15, graceful-fs@^4.1.2, graceful-fs@^4.1.9:
version "4.2.10"
resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.2.10.tgz#147d3a006da4ca3ce14728c7aefc287c367d7a6c"
integrity sha512-9ByhssR2fPVsNZj478qUUbKfmL0+t5BDVyjShtyZZLiK7ZDAArFFfopyOTj0M05wE2tJPisA4iTnnXl2YoPvOA==
Expand Down Expand Up @@ -2224,10 +2219,10 @@ json-stable-stringify-without-jsonify@^1.0.1:
resolved "https://registry.yarnpkg.com/json-stable-stringify-without-jsonify/-/json-stable-stringify-without-jsonify-1.0.1.tgz#9db7b59496ad3f3cfef30a75142d2d930ad72651"
integrity sha1-nbe1lJatPzz+8wp1FC0tkwrXJlE=

json11@^1.0.4:
version "1.0.4"
resolved "https://registry.yarnpkg.com/json11/-/json11-1.0.4.tgz#47df69bc54bc0239211020f5ef234f4fe8ffac5f"
integrity sha512-4o9dcmRyqy2O4wDaUnv8YtrVEm1NBVVIPCN/z6en8PH+LyFdZsE2trW7hbl4+CwI4pTBKZa/JKKoT8zqO7EV8w==
json11@^1.1.2:
version "1.1.2"
resolved "https://registry.yarnpkg.com/json11/-/json11-1.1.2.tgz#35ffd3ee5073b0cc09ef826b0a0dc005ebef2b5b"
integrity sha512-5r1RHT1/Gr/jsI/XZZj/P6F11BKM8xvTaftRuiLkQI9Z2PFDukM82Ysxw8yDszb3NJP/NKnRlSGmhUdG99rlBw==

json5@^2.1.2:
version "2.2.3"
Expand Down Expand Up @@ -2443,12 +2438,12 @@ merge2@^1.3.0:
integrity sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==

micromatch@^4.0.4:
version "4.0.4"
resolved "https://registry.yarnpkg.com/micromatch/-/micromatch-4.0.4.tgz#896d519dfe9db25fce94ceb7a500919bf881ebf9"
integrity sha512-pRmzw/XUcwXGpD9aI9q/0XOwLNygjETJ8y0ao0wdqprrzDa4YnxLcz7fQRZr8voh8V10kGhABbNcHVk5wHgWwg==
version "4.0.7"
resolved "https://registry.yarnpkg.com/micromatch/-/micromatch-4.0.7.tgz#33e8190d9fe474a9895525f5618eee136d46c2e5"
integrity sha512-LPP/3KorzCwBxfeUuZmaR6bG2kdeHSbe0P2tY3FLRU4vYrjYz5hI4QZwV0njUx3jeuKe67YukQ1LSPZBKDqO/Q==
dependencies:
braces "^3.0.1"
picomatch "^2.2.3"
braces "^3.0.3"
picomatch "^2.3.1"

mimic-fn@^2.1.0:
version "2.1.0"
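
Review bot: The lock key stays `micromatch@^4.0.4:` while the resolved version moves to 4.0.7, so the CVE-2024-4067 claim in the CHANGELOG rests entirely on this pinned resolution, and nothing in the diff records which micromatch release the advisory lists as patched. Link the advisory next to the `[CVE-2024-4067]` entry and confirm 4.0.7 against its patched-version field before tagging 2.9.1.
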
Expand Down Expand Up @@ -2866,10 +2861,10 @@ picocolors@^1.0.0:
resolved "https://registry.yarnpkg.com/picocolors/-/picocolors-1.0.0.tgz#cb5bdc74ff3f51892236eaf79d68bc44564ab81c"
integrity sha512-1fygroTLlHu66zi26VoTDv8yRgm0Fccecssto+MhsZ0D/DGW2sm8E8AjW7NU5VVTRt5GxbeZ5qBuJr+HyLYkjQ==

picomatch@^2.0.4, picomatch@^2.2.1, picomatch@^2.2.3:
version "2.3.0"
resolved "https://registry.yarnpkg.com/picomatch/-/picomatch-2.3.0.tgz#f1f061de8f6a4bf022892e2d128234fb98302972"
integrity sha512-lY1Q/PiJGC2zOv/z391WOTD+Z02bCgsFfvxoXXf6h7kv9o+WmsmzYqrAwY63sNgOxE4xEdq0WyUnXfKeBrSvYw==
picomatch@^2.0.4, picomatch@^2.2.1, picomatch@^2.3.1:
version "2.3.1"
resolved "https://registry.yarnpkg.com/picomatch/-/picomatch-2.3.1.tgz#3ba3833733646d9d3e4995946c1365a67fb07a42"
integrity sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==

pkg-dir@^4.1.0:
version "4.2.0"
