Commit

Bumps simple-git from 3.4.0 to 3.15.0
Resolve CVE-2022-25912. The package simple-git before 3.15.
vulnerable to Remote Code Execution (RCE)

Signed-off-by: Anan Zhuang <[email protected]>
ananzh committed Dec 7, 2022
1 parent 2f840e5 commit aa878a1
Showing 3 changed files with 6 additions and 5 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -11,6 +11,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
### Removed
### Fixed
### Security
- [CVE-2022-25912] Bumps simple-git from 3.4.0 to 3.15.0 ([#341](https://github.com/opensearch-project/opensearch-js/pull/341))

## [2.1]
### Added
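Review bot: the new Security entry says the bump is "from 3.4.0", but the package.json hunk in this same commit replaces `^3.5.0` and the yarn.lock hunk replaces a locked 3.13.0, so 3.4.0 matches neither. Suggest rewording the entry to the versions actually changed, for example the range `^3.5.0` to `^3.15.0`, so a reader checking exposure to CVE-2022-25912 can tell which release was in use before the fix.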
2 changes: 1 addition & 1 deletion package.json
Expand Up @@ -80,7 +80,7 @@
"proxy": "^1.0.2",
"rimraf": "^3.0.2",
"semver": "^7.3.5",
"simple-git": "^3.5.0",
"simple-git": "^3.15.0",
"simple-statistics": "^7.7.0",
"split2": "^3.2.2",
"stoppable": "^1.1.0",
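Review bot: on the `simple-git` line, `^3.15.0` sets the floor at the release the commit message treats as fixed, but a caret range still lets installs that ignore the lockfile float to any later 3.x. That is acceptable for a security floor; it would help to state in the PR description that the manifest floor, not only yarn.lock, was raised on purpose, and to confirm CI runs a dependency audit (for example `yarn audit`) so a range that admits a known-vulnerable release is caught without waiting for a manual bump.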
8 changes: 4 additions & 4 deletions yarn.lock
Expand Up @@ -2841,10 +2841,10 @@ signal-exit@^3.0.4, signal-exit@^3.0.6:
resolved "https://registry.yarnpkg.com/signal-exit/-/signal-exit-3.0.7.tgz#a9a1767f8af84155114eaabd73f99273c8f59ad9"
integrity sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==

simple-git@^3.5.0:
version "3.13.0"
resolved "https://registry.yarnpkg.com/simple-git/-/simple-git-3.13.0.tgz#36589e201c28cecaca6f3a898e7257c6610e8588"
integrity sha512-VYrs3joeHvWGcN3K135RpGpPjm4AHYeOrclwew6LlfHgq6ozQYIW2yMnmjf4PCgVOuSYCbXkdUjyiFawuJz8MA==
simple-git@^3.15.0:
version "3.15.1"
resolved "https://registry.yarnpkg.com/simple-git/-/simple-git-3.15.1.tgz#57f595682cb0c2475d5056da078a05c8715a25ef"
integrity sha512-73MVa5984t/JP4JcQt0oZlKGr42ROYWC3BcUZfuHtT3IHKPspIvL0cZBnvPXF7LL3S/qVeVHVdYYmJ3LOTw4Rg==
dependencies:
"@kwsites/file-exists" "^1.1.1"
"@kwsites/promise-deferred" "^1.1.1"
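Review bot: the lock entry now resolves 3.15.1, while the commit title and the CHANGELOG entry both say 3.15.0; please align the description with the version actually installed. The previous entry resolved 3.13.0, which is below the 3.15 line the commit message names, so it is also worth running `yarn why simple-git` to confirm no second, older simple-git entry remains elsewhere in yarn.lock, and checking the new `integrity` value against the registry tarball.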
