From 00463c0e5d66b443a0e175d2d7e8414fdeefa633 Mon Sep 17 00:00:00 2001 From: "opensearch-trigger-bot[bot]" <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com> Date: Fri, 17 Jun 2022 10:31:58 -0700 Subject: [PATCH] [CVE] Resolve `jpeg-js` to 0.4.4 (#1753) (#1757) Addresses Denial of Service (DoS) issue where a particular piece of input will cause to enter an infinite loop and never return. CVE: https://vuln.whitesourcesoftware.com/vulnerability/CVE-2022-25851 Issue Resolved: https://github.com/opensearch-project/OpenSearch-Dashboards/issues/1725 Signed-off-by: Kawika Avilla (cherry picked from commit 2a159e88e0d0d912c68994804450478fe31d5a12) Co-authored-by: Kawika Avilla --- yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/yarn.lock b/yarn.lock index c0bd12420ec6..e6d96c107877 100644 --- a/yarn.lock +++ b/yarn.lock @@ -11486,9 +11486,9 @@ joi@^17.3.0: "@sideway/pinpoint" "^2.0.0" jpeg-js@^0.4.0: - version "0.4.3" - resolved "https://registry.yarnpkg.com/jpeg-js/-/jpeg-js-0.4.3.tgz#6158e09f1983ad773813704be80680550eff977b" - integrity sha512-ru1HWKek8octvUHFHvE5ZzQ1yAsJmIvRdGWvSoKV52XKyuyYA437QWDttXT8eZXDSbuMpHlLzPDZUPd6idIz+Q== + version "0.4.4" + resolved "https://registry.yarnpkg.com/jpeg-js/-/jpeg-js-0.4.4.tgz#a9f1c6f1f9f0fa80cdb3484ed9635054d28936aa" + integrity sha512-WZzeDOEtTOBK4Mdsar0IqEU5sMr3vSV2RqkAIzUEV2BHnUfKGyswWFPFwK5EeDo93K3FohSHbLAjj0s1Wzd+dg== jquery@^3.5.0: version "3.6.0"