Backport 2.x Fix CVEs for ag-grid, ws and braces packages (opensearch…

…-project#1990) * [Bug] CVE fix for ag (opensearch-project#1989) * update package to fix CVEs Signed-off-by: Adam Tackett <[email protected]> * include yarnlock Signed-off-by: Adam Tackett <[email protected]> * change ag for cve Signed-off-by: Adam Tackett <[email protected]> * update release notes Signed-off-by: Adam Tackett <[email protected]> --------- Signed-off-by: Adam Tackett <[email protected]> Signed-off-by: Shenoy Pratik <[email protected]> Co-authored-by: Adam Tackett <[email protected]> Co-authored-by: Shenoy Pratik <[email protected]> (cherry picked from commit 196dd35) * backport cve Signed-off-by: Adam Tackett <[email protected]> * update depend Signed-off-by: Adam Tackett <[email protected]> * update snapshots Signed-off-by: Adam Tackett <[email protected]> --------- Signed-off-by: Adam Tackett <[email protected]> Co-authored-by: Adam Tackett <[email protected]>
sumukhswamy · Jul 24, 2024 · 9999979 · 9999979
1 parent 46657ee
commit 9999979
Show file tree

Hide file tree

Showing 9 changed files with 45 additions and 41 deletions.
diff --git a/package.json b/package.json
@@ -16,13 +16,13 @@
     "cypress:parallel": "cypress-parallel -s cypress:run -t 2 -d .cypress/integration"
   },
   "dependencies": {
-    "@ag-grid-community/styles": "^31.2.0",
+    "@ag-grid-community/styles": "^31.3.4",
     "@algolia/autocomplete-core": "^1.4.1",
     "@algolia/autocomplete-theme-classic": "^1.2.1",
     "@nteract/outputs": "^3.0.11",
     "@nteract/presentational-components": "^3.4.3",
     "@reduxjs/toolkit": "^1.6.1",
-    "ag-grid-react": "^31.2.0",
+    "ag-grid-react": "^31.3.4",
     "ajv": "^8.11.0",
     "antlr4": "4.8.0",
     "antlr4ts": "^0.5.0-alpha.4",
@@ -68,6 +68,8 @@
     "yaml": "^2.2.2",
     "tough-cookie": "^4.1.3",
     "semver": "^7.5.2",
-    "@cypress/request": "^3.0.0"
+    "@cypress/request": "^3.0.0",
+    "braces": "^3.0.3",
+    "ws": "^8.18.0"
   }
 }
diff --git a/public/components/common/search/__tests__/__snapshots__/search.test.tsx.snap b/public/components/common/search/__tests__/__snapshots__/search.test.tsx.snap
@@ -571,7 +571,7 @@ exports[`Explorer Search component renders basic component 1`] = `
                                           hasArrow={true}
                                           isOpen={false}
                                           ownFocus={true}
-                                          panelPaddingSize="s"
+                                          panelPaddingSize="m"
                                         >
                                           <div
                                             className="euiPopover euiPopover--anchorDownLeft"

diff --git a/public/components/custom_panels/__tests__/__snapshots__/custom_panel_view.test.tsx.snap b/public/components/custom_panels/__tests__/__snapshots__/custom_panel_view.test.tsx.snap
@@ -2153,7 +2153,7 @@ exports[`Panels View Component renders panel view container with visualizations
                                             hasArrow={true}
                                             isOpen={false}
                                             ownFocus={true}
-                                            panelPaddingSize="s"
+                                            panelPaddingSize="m"
                                           >
                                             <div
                                               className="euiPopover euiPopover--anchorDownLeft"
@@ -4404,7 +4404,7 @@ exports[`Panels View Component renders panel view container without visualizatio
                                             hasArrow={true}
                                             isOpen={false}
                                             ownFocus={true}
-                                            panelPaddingSize="s"
+                                            panelPaddingSize="m"
                                           >
                                             <div
                                               className="euiPopover euiPopover--anchorDownLeft"

diff --git a/public/components/metrics/top_menu/__tests__/__snapshots__/top_menu.test.tsx.snap b/public/components/metrics/top_menu/__tests__/__snapshots__/top_menu.test.tsx.snap
@@ -516,7 +516,7 @@ exports[`Metrics Top Menu Component renders Top Menu Component when enabled 1`]
                               hasArrow={true}
                               isOpen={false}
                               ownFocus={true}
-                              panelPaddingSize="s"
+                              panelPaddingSize="m"
                             >
                               <div
                                 className="euiPopover euiPopover--anchorDownLeft"

diff --git a/...onents/trace_analytics/components/common/__tests__/__snapshots__/search_bar.test.tsx.snap b/...onents/trace_analytics/components/common/__tests__/__snapshots__/search_bar.test.tsx.snap
@@ -220,7 +220,7 @@ exports[`Search bar components renders date picker 1`] = `
                   hasArrow={true}
                   isOpen={false}
                   ownFocus={true}
-                  panelPaddingSize="s"
+                  panelPaddingSize="m"
                 >
                   <div
                     className="euiPopover euiPopover--anchorDownLeft"
@@ -729,7 +729,7 @@ exports[`Search bar components renders search bar 1`] = `
                             hasArrow={true}
                             isOpen={false}
                             ownFocus={true}
-                            panelPaddingSize="s"
+                            panelPaddingSize="m"
                           >
                             <div
                               className="euiPopover euiPopover--anchorDownLeft"

diff --git a/...onents/trace_analytics/components/services/__tests__/__snapshots__/services.test.tsx.snap b/...onents/trace_analytics/components/services/__tests__/__snapshots__/services.test.tsx.snap
@@ -938,7 +938,7 @@ exports[`Services component renders empty services page 1`] = `
                                 hasArrow={true}
                                 isOpen={false}
                                 ownFocus={true}
-                                panelPaddingSize="s"
+                                panelPaddingSize="m"
                               >
                                 <div
                                   className="euiPopover euiPopover--anchorDownLeft"
@@ -3145,7 +3145,7 @@ exports[`Services component renders jaeger services page 1`] = `
                                 hasArrow={true}
                                 isOpen={false}
                                 ownFocus={true}
-                                panelPaddingSize="s"
+                                panelPaddingSize="m"
                               >
                                 <div
                                   className="euiPopover euiPopover--anchorDownLeft"
@@ -4783,7 +4783,7 @@ exports[`Services component renders services page 1`] = `
                                 hasArrow={true}
                                 isOpen={false}
                                 ownFocus={true}
-                                panelPaddingSize="s"
+                                panelPaddingSize="m"
                               >
                                 <div
                                   className="euiPopover euiPopover--anchorDownLeft"

diff --git a/...components/trace_analytics/components/traces/__tests__/__snapshots__/traces.test.tsx.snap b/...components/trace_analytics/components/traces/__tests__/__snapshots__/traces.test.tsx.snap
@@ -956,7 +956,7 @@ exports[`Traces component renders empty traces page 1`] = `
                                 hasArrow={true}
                                 isOpen={false}
                                 ownFocus={true}
-                                panelPaddingSize="s"
+                                panelPaddingSize="m"
                               >
                                 <div
                                   className="euiPopover euiPopover--anchorDownLeft"
@@ -2634,7 +2634,7 @@ exports[`Traces component renders jaeger traces page 1`] = `
                                 hasArrow={true}
                                 isOpen={false}
                                 ownFocus={true}
-                                panelPaddingSize="s"
+                                panelPaddingSize="m"
                               >
                                 <div
                                   className="euiPopover euiPopover--anchorDownLeft"
@@ -4315,7 +4315,7 @@ exports[`Traces component renders traces page 1`] = `
                                 hasArrow={true}
                                 isOpen={false}
                                 ownFocus={true}
-                                panelPaddingSize="s"
+                                panelPaddingSize="m"
                               >
                                 <div
                                   className="euiPopover euiPopover--anchorDownLeft"

diff --git a/release-notes/dashboards-observability.release-notes-2.16.0.0.md b/release-notes/dashboards-observability.release-notes-2.16.0.0.md
@@ -22,3 +22,5 @@ Compatible with OpenSearch and OpenSearch Dashboards version 2.16.0
 
 ### Maintenance
 * updated java version from 11 to 21 ([#1940](https://github.com/opensearch-project/dashboards-observability/pull/1940))
+* [Bug] Fix CVEs for ag-grid, ws and braces packages ([#1987](https://github.com/opensearch-project/dashboards-observability/pull/1987))
+* [Bug] CVE fix for ag ([#1989](https://github.com/opensearch-project/dashboards-observability/pull/1989))
diff --git a/yarn.lock b/yarn.lock
@@ -2,10 +2,10 @@
 # yarn lockfile v1
 
 
-"@ag-grid-community/styles@^31.2.0":
-  version "31.2.0"
-  resolved "https://registry.yarnpkg.com/@ag-grid-community/styles/-/styles-31.2.0.tgz#7605338f2e0f3a3c2e7952f0e96360600033316c"
-  integrity sha512-fU6wDpK0//dJLp5pwojuTUQPi4nVZ4iTBF1yaQw+6NXeGi0ma7rz7IOS6Idw0XXE3ELKGTuO7QUJmxxdL7kykw==
+"@ag-grid-community/styles@^31.3.4":
+  version "31.3.4"
+  resolved "https://registry.yarnpkg.com/@ag-grid-community/styles/-/styles-31.3.4.tgz#e88a36a8c68456ba78479f56e74a225396d44a68"
+  integrity sha512-5pgt/Qq/GxiJi59UA17ltG5U4r0J+GB3S/QCysJFi6kmgmCDsbCfisekTwSh0xxOGO+OIhejoqsOuEnTcw78kg==
 
 "@algolia/autocomplete-core@^1.4.1":
   version "1.11.0"
@@ -359,17 +359,17 @@ acorn@^7.1.1:
   resolved "https://registry.yarnpkg.com/acorn/-/acorn-7.4.1.tgz#feaed255973d2e77555b83dbc08851a6c63520fa"
   integrity sha512-nQyp0o1/mNdbTO1PO6kHkwSrmgZ0MT/jCCpNiwbUjGoRN4dlBhqJtoQuCnEOKzgTVwg0ZWiCoQy6SxMebQVh8A==
 
-ag-grid-community@31.2.0:
-  version "31.2.0"
-  resolved "https://registry.yarnpkg.com/ag-grid-community/-/ag-grid-community-31.2.0.tgz#376f07a3a7dd5c87d8cb6f660e4e338ec70663d1"
-  integrity sha512-Ija6X171Iq3mFZASZlriQIIdEFqA71rZIsjQD6KHy5lMmxnoseZTX2neThBav1gvr6SA6n5B2PD6eUHdZnrUfw==
+ag-grid-community@31.3.4:
+  version "31.3.4"
+  resolved "https://registry.yarnpkg.com/ag-grid-community/-/ag-grid-community-31.3.4.tgz#d9397672d6941aebc633a37b2b32e3637aa05642"
+  integrity sha512-jOxQO86C6eLnk1GdP24HB6aqaouFzMWizgfUwNY5MnetiWzz9ZaAmOGSnW/XBvdjXvC5Fpk3gSbvVKKQ7h9kBw==
 
-ag-grid-react@^31.2.0:
-  version "31.2.0"
-  resolved "https://registry.yarnpkg.com/ag-grid-react/-/ag-grid-react-31.2.0.tgz#c3e90edd4ccac3fbb113b657ad6192bc2d85e314"
-  integrity sha512-ObFdPmF3EC7/xWZX8NjrZjURePyFa72MWjb1ZgUqDP7Wq09OSXXyKBN1qXmfUIT3h4o5+os6tCQEqoo7Op+3ZA==
+ag-grid-react@^31.3.4:
+  version "31.3.4"
+  resolved "https://registry.yarnpkg.com/ag-grid-react/-/ag-grid-react-31.3.4.tgz#3e0659c455cbf0facb5af457f260fccb8eb87bea"
+  integrity sha512-WmPASHRFGSTxCMRStWG5bRtln0Ugsdqbb3+Y8sEyGHeLw4hXqfpqie3lT9kqCOl7wPWUjCpwmFdXzRnWPmyyeg==
   dependencies:
-    ag-grid-community "31.2.0"
+    ag-grid-community "31.3.4"
     prop-types "^15.8.1"
 
 aggregate-error@^3.0.0:
@@ -603,12 +603,12 @@ brace-expansion@^1.1.7:
     balanced-match "^1.0.0"
     concat-map "0.0.1"
 
-braces@^3.0.2, braces@~3.0.2:
-  version "3.0.2"
-  resolved "https://registry.yarnpkg.com/braces/-/braces-3.0.2.tgz#3454e1a462ee8d599e236df336cd9ea4f8afe107"
-  integrity sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==
+braces@^3.0.2, braces@^3.0.3, braces@~3.0.2:
+  version "3.0.3"
+  resolved "https://registry.yarnpkg.com/braces/-/braces-3.0.3.tgz#490332f40919452272d55a8480adc0c441358789"
+  integrity sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==
   dependencies:
-    fill-range "^7.0.1"
+    fill-range "^7.1.1"
 
 [email protected]:
   version "1.3.1"
@@ -1398,10 +1398,10 @@ file-entry-cache@^5.0.1:
   dependencies:
     flat-cache "^2.0.1"
 
-fill-range@^7.0.1:
-  version "7.0.1"
-  resolved "https://registry.yarnpkg.com/fill-range/-/fill-range-7.0.1.tgz#1919a6a7c75fe38b2c7c77e5198535da9acdda40"
-  integrity sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==
+fill-range@^7.1.1:
+  version "7.1.1"
+  resolved "https://registry.yarnpkg.com/fill-range/-/fill-range-7.1.1.tgz#44265d3cac07e3ea7dc247516380643754a05292"
+  integrity sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==
   dependencies:
     to-regex-range "^5.0.1"
 
@@ -3493,10 +3493,10 @@ [email protected]:
   dependencies:
     mkdirp "^0.5.1"
 
-[email protected]:
-  version "8.13.0"
-  resolved "https://registry.yarnpkg.com/ws/-/ws-8.13.0.tgz#9a9fb92f93cf41512a0735c8f4dd09b8a1211cd0"
-  integrity sha512-x9vcZYTrFPC7aSIbj7sRCYo7L/Xb8Iy+pW0ng0wt2vCJv7M9HOMy0UoN3rr+IFC7hb7vXoqS+P9ktyLLLhO+LA==
+[email protected], ws@^8.18.0:
+  version "8.18.0"
+  resolved "https://registry.yarnpkg.com/ws/-/ws-8.18.0.tgz#0d7505a6eafe2b0e712d232b42279f53bc289bbc"
+  integrity sha512-8VbfWfHLbbwu3+N6OKsOMpBdT4kXPDDB9cJk2bJ6mh9ucxdlnNvH1e+roYkKmN9Nxw2yjz7VzeO9oOz2zJ04Pw==
 
 x-is-string@^0.1.0:
   version "0.1.0"