[CVE-2022-1537][CVE-2022-0436][1.x]bump grunt from 1.4.1 to 1.5.3 (#3723

) Main bump grunt via this PR: #1580 In 1.x, bump grunt is different because v1.5.3 requires node>=8 and no breaking changes. This is the latest version with no node conflicts. grunt requires node>=16 sincev1.6.0 . Therefore, we should be very specific and limit the bump range. Issue Resolve: #1579 #1450 Signed-off-by: Anan Zhuang <ananzh@amazon.com> Co-authored-by: Josh Romero <rmerqg@amazon.com> (cherry picked from commit 65deacb) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> # Conflicts: # CHANGELOG.md
opensearch-project · Jun 28, 2023 · 4081cac · 4081cac
1 parent 82d8632
commit 4081cac
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/yarn.lock b/yarn.lock
@@ -9603,7 +9603,7 @@ findup-sync@^4.0.0:
 findup-sync@~0.3.0:
   version "0.3.0"
   resolved "https://registry.yarnpkg.com/findup-sync/-/findup-sync-0.3.0.tgz#37930aa5d816b777c03445e1966cc6790a4c0b16"
-  integrity sha1-N5MKpdgWt3fANEXhlmzGeQpMCxY=
+  integrity sha512-z8Nrwhi6wzxNMIbxlrTzuUW6KWuKkogZ/7OdDVq+0+kxn77KUH1nipx8iU6suqkHqc4y6n7a9A8IpmxY/pTjWg==
   dependencies:
     glob "~5.0.0"
 
@@ -10219,7 +10219,7 @@ glob@^7.0.0, glob@^7.0.3, glob@^7.1.1, glob@^7.1.2, glob@^7.1.3, glob@^7.1.4, gl
 glob@~5.0.0:
   version "5.0.15"
   resolved "https://registry.yarnpkg.com/glob/-/glob-5.0.15.tgz#1bc936b9e02f4a603fcc222ecf7633d30b8b93b1"
-  integrity sha1-G8k2ueAvSmA/zCIuz3Yz0wuLk7E=
+  integrity sha512-c9IPMazfRITpmAAKi22dK1VKxGDX9ehhqfABDriL/lzO92xcUKEJPQHrVA/2YHSNFB4iFlykVmWvwo48nr3OxA==
   dependencies:
     inflight "^1.0.4"
     inherits "2"