[Manual Backport 1.x][CVE-2023-26486][CVE-2023-26487] Bump vega from …

…5.22.1 to 5.23.0

Bump vega from 5.22.1 to 5.23.0. This will also bump vega-function
from 5.13.0 to 5.13.1.

Backport PR:
opensearch-project#3533

Issue Resolved:
opensearch-project#3526
opensearch-project#3525

Signed-off-by: Anan Zhuang <ananzh@amazon.com>

CHANGELOG.md

@@ -27,6 +27,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - [CVE-2023-25653] Bump node-jose to 2.2.0 ([#3445](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3445))
 - [CVE-2021-23807] Bump jsonpointer from 4.1.0 to 5.0.1 ([#3535](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3535))
 - [CVE-2022-24999] Bump express from 4.17.1 to 4.18.2 ([#3542](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3542))
+- [CVE-2023-26486][CVE-2023-26487] Bump vega from 5.22.1 to 5.23.0 ([#3533](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3533))
 
 ### 📈 Features/Enhancements
 

package.json

@@ -481,7 +481,7 @@
     "tree-kill": "^1.2.2",
     "typescript": "4.0.2",
     "ui-select": "0.19.8",
-    "vega": "^5.17.3",
+    "vega": "^5.23.0",
     "vega-interpreter": "npm:@amoo-miki/vega-forced-csp-compliant-interpreter@1.0.6",
     "vega-lite": "^4.16.8",
     "vega-schema-url-parser": "^2.1.0",

packages/osd-optimizer/src/worker/webpack.config.ts

@@ -91,7 +91,7 @@ export function getWebpackConfig(bundle: Bundle, bundleRefs: BundleRefs, worker:
       // already bundled with all its necessary depedencies
       noParse: [
         /[\/\\]node_modules[\/\\]lodash[\/\\]index\.js$/,
-        /[\/\\]node_modules[\/\\]vega[\/\\]build[\/\\]vega\.js$/,
+        /[\/\\]node_modules[\/\\]vega[\/\\]build-es5[\/\\]vega\.js$/,
       ],
 
       rules: [