From 3c3ad99414578d49c8e0c64fd14c0e588117c01b Mon Sep 17 00:00:00 2001
From: ZilongX <99905560+ZilongX@users.noreply.github.com>
Date: Wed, 28 Dec 2022 15:20:54 -0800
Subject: [PATCH] [CVE] Update package info and changelog for loader-utils bump to 2.0.4 fixing CVE-2022-37599 and CVE-2022-37603 (#3031)

Signed-off-by: Zilong Xia
Co-authored-by: Josh Romero
Signed-off-by: David Sinclair
---
 CHANGELOG.md | 2 ++
 package.json | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 13cb0174d943..e22c1481def4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -135,6 +135,8 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - Resolve sub-dependent d3-color version and potential security issue ([#2454](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2454))
 - [CVE-2022-3517] Bumps minimatch from 3.0.4 to 3.0.5 and [IBM X-Force ID: 220063] unset-value from 1.0.1 to 2.0.1 ([#2640](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2640))
 - [CVE-2022-37601] Bump loader-utils to 2.0.3 ([#2689](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2689))
+- [CVE-2022-37599] Bump loader-utils to 2.0.4 ([#3031](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3031))
+- [CVE-2022-37603] Bump loader-utils to 2.0.4 ([#3031](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3031))
 - [WS-2021-0638][Security] bump mocha to 10.1.0 ([#2711](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2711))
 
 ### 📈 Features/Enhancements
diff --git a/package.json b/package.json
index 11398469005d..d363e7bb0d66 100644
--- a/package.json
+++ b/package.json
@@ -88,7 +88,7 @@
 "**/hoist-non-react-statics": "^3.3.2",
 "**/json-schema": "^0.4.0",
 "**/kind-of": ">=6.0.3",
- "**/loader-utils": "^2.0.3",
+ "**/loader-utils": "^2.0.4",
 "**/node-jose": "^2.1.0",
 "**/nth-check": "^2.0.1",
 "**/qs": "^6.10.3",