From 1557cc026af19f50091be7676bd66966387d4134 Mon Sep 17 00:00:00 2001
From: ZilongX <99905560+ZilongX@users.noreply.github.com>
Date: Wed, 28 Dec 2022 15:20:54 -0800
Subject: [PATCH] [CVE] Update package info and changelog for loader-utils bump
 to 2.0.4 fixing CVE-2022-37599 and CVE-2022-37603 (#3031)

Signed-off-by: Zilong Xia <zilongx@amazon.com>
Co-authored-by: Josh Romero <rmerqg@amazon.com>
Signed-off-by: David Sinclair <david@sinclair.tech>
---
 CHANGELOG.md | 2 ++
 package.json | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 13cb0174d943..e22c1481def4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -135,6 +135,8 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - Resolve sub-dependent d3-color version and potential security issue ([#2454](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2454))
 - [CVE-2022-3517] Bumps minimatch from 3.0.4 to 3.0.5 and [IBM X-Force ID: 220063] unset-value from 1.0.1 to 2.0.1 ([#2640](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2640))
 - [CVE-2022-37601] Bump loader-utils to 2.0.3 ([#2689](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2689))
+- [CVE-2022-37599] Bump loader-utils to 2.0.4 ([#3031](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3031))
+- [CVE-2022-37603] Bump loader-utils to 2.0.4 ([#3031](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3031))
 - [WS-2021-0638][Security] bump mocha to 10.1.0 ([#2711](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2711))
 
 ### 📈 Features/Enhancements
diff --git a/package.json b/package.json
index b214c93e5f85..684b74f1d64d 100644
--- a/package.json
+++ b/package.json
@@ -88,7 +88,7 @@
     "**/hoist-non-react-statics": "^3.3.2",
     "**/json-schema": "^0.4.0",
     "**/kind-of": ">=6.0.3",
-    "**/loader-utils": "^2.0.3",
+    "**/loader-utils": "^2.0.4",
     "**/node-jose": "^2.1.0",
     "**/nth-check": "^2.0.1",
     "**/qs": "^6.10.3",