From 15361cf4085638ddb19fccef3f0a6dfe9d7954aa Mon Sep 17 00:00:00 2001 From: "opensearch-trigger-bot[bot]" <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com> Date: Mon, 17 Apr 2023 16:02:44 -0700 Subject: [PATCH] [Backport 2.x] Bump xml2js from 0.4.23 to 0.5.0 (#3851) * Bump xml2js from 0.4.23 to 0.5.0 (#3842) * Create 1.3.8 release notes Signed-off-by: Aozixuan Priscilla Guan * Remove unused tags Signed-off-by: Aozixuan Priscilla Guan * Remove old changelog Signed-off-by: Aozixuan Priscilla Guan * Fix typo Signed-off-by: Aozixuan Priscilla Guan * Address comments Signed-off-by: Aozixuan Priscilla Guan * Add PRs Signed-off-by: Aozixuan Priscilla Guan * Remove unreleased PR Signed-off-by: Aozixuan Priscilla Guan * Remove unreleased PR Signed-off-by: Aozixuan Priscilla Guan * Bump xml2js from 0.4.22 to 0.5.0 Signed-off-by: Aozixuan Priscilla Guan * Add change log for CVE Signed-off-by: Aozixuan Priscilla Guan * Bump version for osd-test package Signed-off-by: Aozixuan Priscilla Guan * Modify PR link for changelog Signed-off-by: Aozixuan Priscilla Guan * Fix changelog and dependency package version Signed-off-by: Aozixuan Priscilla Guan * Fix aws sdk version Signed-off-by: Aozixuan Priscilla Guan --------- Signed-off-by: Aozixuan Priscilla Guan (cherry picked from commit c755b49c9de10a51b0944590407c5f5ad7429389) Signed-off-by: github-actions[bot] # Conflicts: # CHANGELOG.md * add changelog Signed-off-by: Josh Romero --------- Signed-off-by: Josh Romero Co-authored-by: github-actions[bot] Co-authored-by: Josh Romero
---
 CHANGELOG.md | 1 + package.json | 5 +++-- packages/osd-test/package.json | 2 +- yarn.lock | 27 +++++++-------------------- 4 files changed, 12 insertions(+), 23 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index f315e0307624..2d272f3b3459 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,6 +14,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - [CVE-2022-25758][CVE-2020-24025] Bump node-sass to 7.0.3 and sass-loader to 10.4.1 in 2.x ([#3455](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3455))
 - [CVE-2022-24999] Resolve qs from 6.5.3 to 6.11.0 ([#3450](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3450))
 - [CVE-2023-26486][CVE-2023-26487] Bump vega from 5.22.1 to 5.23.0 ([#3533](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3533))
+- [CVE-2023-0842] Bump xml2js from 0.4.23 to 0.5.0 ([#3842](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3842))
 ### 📈 Features/Enhancements
diff --git a/package.json b/package.json
index 4c44a7dc09f7..8366af444960 100644
--- a/package.json
+++ b/package.json
@@ -98,7 +98,8 @@
 "**/unset-value": "^2.0.1",
 "**/minimatch": "^3.0.5",
 "**/jest-config": "npm:@amoo-miki/jest-config@27.5.1",
- "**/jest-jasmine2": "npm:@amoo-miki/jest-jasmine2@27.5.1"
+ "**/jest-jasmine2": "npm:@amoo-miki/jest-jasmine2@27.5.1",
+ "**/xml2js": "^0.5.0"
 },
 "workspaces": {
 "packages": [
@@ -466,7 +467,7 @@
 "vega-schema-url-parser": "^2.1.0",
 "vega-tooltip": "^0.30.0",
 "vinyl-fs": "^3.0.3",
- "xml2js": "^0.4.22",
+ "xml2js": "^0.5.0",
 "xmlbuilder": "13.0.2",
 "zlib": "^1.0.5"
 },
diff --git a/packages/osd-test/package.json b/packages/osd-test/package.json
index 7776afc1de58..69fa50828fc0 100644
--- a/packages/osd-test/package.json
+++ b/packages/osd-test/package.json
@@ -37,7 +37,7 @@
 "rxjs": "^6.5.5",
 "strip-ansi": "^6.0.0",
 "tar-fs": "^2.1.0",
- "xml2js": "^0.4.22",
+ "xml2js": "^0.5.0",
 "zlib": "^1.0.5"
 }
 }
diff --git a/yarn.lock b/yarn.lock
index 141c39cf78d2..022583a9fea2 100644
--- a/yarn.lock
+++ b/yarn.lock
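Review bot: The `"**/xml2js": "^0.5.0"` resolution added in the first package.json hunk (`@@ -98,7 +98,8 @@`) overrides an exact pin with nothing in the change showing that the pinned consumer works on 0.5.0; the yarn.lock section folds `xml2js@0.4.19` into the 0.5.0 entry and replaces that consumer's `xmlbuilder@~9.0.1` with `~11.0.0`. Whichever package requested 0.4.19 (possibly the AWS SDK, judging by the commit message) now runs against a parser and builder version it never declared, so its XML handling should be covered by a test before this is counted as the CVE-2023-0842 fix for that path. JSON allows no comment next to the entry, so the reason and removal condition belong in the changelog line or developer docs, for example `xml2js resolution: drop once no dependency requests xml2js <0.5.0`. The `resolutions` object opens above the hunk, so any other override that interacts with this one is not visible here.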
@@ -3746,9 +3746,9 @@ integrity sha512-JRGsPEPCrYqTXU0Cr+Yu7esPBE2yvH7ucOHr+JuBy0F59kglPvO5gkmtyEvf3P6dASSkScvy/XQ6SC1QEBFDuA== "@types/xml2js@^0.4.5": - version "0.4.9" - resolved "https://registry.yarnpkg.com/@types/xml2js/-/xml2js-0.4.9.tgz#a38267d8c2fe121c96922b12ee3bd89a58a6e20e" - integrity sha512-CHiCKIihl1pychwR2RNX5mAYmJDACgFVCMT5OArMaO3erzwXVcBqPcusr+Vl8yeeXukxZqtF8mZioqX+mpjjdw== + version "0.4.11" + resolved "https://registry.yarnpkg.com/@types/xml2js/-/xml2js-0.4.11.tgz#bf46a84ecc12c41159a7bd9cf51ae84129af0e79" + integrity sha512-JdigeAKmCyoJUiQljjr7tQG3if9NkqGUgwEUqBvV0N7LM4HyQk7UXCnusRa1lnvXAEYJ8mw8GtZWioagNztOwA== dependencies: "@types/node" "*" @@ -18857,18 +18857,10 @@ xml-parse-from-string@^1.0.0: resolved "https://registry.yarnpkg.com/xml-parse-from-string/-/xml-parse-from-string-1.0.1.tgz#a9029e929d3dbcded169f3c6e28238d95a5d5a28" integrity sha1-qQKekp09vN7RafPG4oI42VpdWig= -xml2js@0.4.19: - version "0.4.19" - resolved "https://registry.yarnpkg.com/xml2js/-/xml2js-0.4.19.tgz#686c20f213209e94abf0d1bcf1efaa291c7827a7" - integrity sha512-esZnJZJOiJR9wWKMyuvSE1y6Dq5LCuJanqhxslH2bxM6duahNZ+HMpCLhBQGZkbX6xRf8x1Y2eJlgt2q3qo49Q== - dependencies: - sax ">=0.6.0" - xmlbuilder "~9.0.1" - -xml2js@^0.4.22, xml2js@^0.4.5: - version "0.4.23" - resolved "https://registry.yarnpkg.com/xml2js/-/xml2js-0.4.23.tgz#a0c69516752421eb2ac758ee4d4ccf58843eac66" - integrity sha512-ySPiMjM0+pLDftHgXY4By0uswI3SPKLDw/i3UXbnO8M/p28zqexCUoPmQFrYD+/1BzhGJSs2i1ERWKJAtiLrug== +xml2js@0.4.19, xml2js@^0.4.5, xml2js@^0.5.0: + version "0.5.0" + resolved "https://registry.yarnpkg.com/xml2js/-/xml2js-0.5.0.tgz#d9440631fbb2ed800203fad106f2724f62c493b7" + integrity sha512-drPFnkQJik/O+uPKpqSgr22mpuFHqKdbS835iAQrUC73L2F5WkboIRd63ai/2Yg6I1jzifPFKH2NTK+cfglkIA== dependencies: sax ">=0.6.0" xmlbuilder "~11.0.0" 
@@ -18883,11 +18875,6 @@ xmlbuilder@~11.0.0: resolved "https://registry.yarnpkg.com/xmlbuilder/-/xmlbuilder-11.0.1.tgz#be9bae1c8a046e76b31127726347d0ad7002beb3" integrity sha512-fDlsI/kFEx7gLvbecc0/ohLG50fugQp8ryHzMTuW9vSa1GJ0XYWKnhsUx7oie3G98+r56aTQIUB4kht42R3JvA== -xmlbuilder@~9.0.1: - version "9.0.7" - resolved "https://registry.yarnpkg.com/xmlbuilder/-/xmlbuilder-9.0.7.tgz#132ee63d2ec5565c557e20f4c22df9aca686b10d" - integrity sha512-7YXTQc3P2l9+0rjaUbLwMKRhtmwg1M1eDf6nag7urC7pIPYLD9W/jmzQ4ptRSUbodw5S0jfoGTflLemQibSpeQ== - xmlchars@^2.2.0: version "2.2.0" resolved "https://registry.yarnpkg.com/xmlchars/-/xmlchars-2.2.0.tgz#060fe1bcb7f9c76fe2a17db86a9bc3ab894210cb"