From 8b29d41f731fbc4d83e0290dd364c8923d0ddc15 Mon Sep 17 00:00:00 2001 From: himsgupta1122 Date: Thu, 20 Oct 2022 17:50:15 -0700 Subject: [PATCH] Update CVE 2022-3517 minimatch to 3.0.5 and unset-value to 2.0.1 Signed-off-by: himsgupta1122 --- CHANGELOG.md | 2 ++ package.json | 4 ++-- yarn.lock | 7 +++++++ 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c7e8507a964b..ad86bdaa8a80 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -62,6 +62,8 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) * [CVE-2022-33987] Upgrade geckodriver to 3.0.2 ([#2166](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2166)) * Bumps percy-agent to use non-beta version ([#2415](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2415)) * Resolve sub-dependent d3-color version and potential security issue ([#2454](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2454)) +* [CVE-2022-3517] Update minimatch from 3.0.4 to 3.0.5 ([#2640](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2640)) +* Update unset-value from 1.0.1 to 2.0.1 ([#2640](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2640)) ### 📈 Features/Enhancements diff --git a/package.json b/package.json index e87881fdb400..6533507a7806 100644 --- a/package.json +++ b/package.json @@ -181,7 +181,7 @@ "json-stringify-safe": "5.0.1", "lodash": "^4.17.21", "lru-cache": "^4.1.5", - "minimatch": "^3.0.4", + "minimatch": "3.0.5", "moment": "^2.24.0", "moment-timezone": "^0.5.27", "mustache": "^2.3.2", @@ -461,4 +461,4 @@ "node": "14.20.0", "yarn": "^1.21.1" } -} \ No newline at end of file +} diff --git a/yarn.lock b/yarn.lock index 2c8df6850b10..b15d6f871025 100644 --- a/yarn.lock +++ b/yarn.lock @@ -12797,6 +12797,13 @@ minimatch@3.0.4: dependencies: brace-expansion "^1.1.7" +minimatch@3.0.5: + version "3.0.5" + resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-3.0.5.tgz#4da8f1290ee0f0f8e83d60ca69f8f134068604a3" + integrity sha512-tUpxzX0VAzJHjLu0xUfFv1gwVp9ba3IOuRAVH2EGuRW8a5emA2FlACLqiT/lDVtS1W+TGNwqz3sWaNyLgDJWuw== + dependencies: + brace-expansion "^1.1.7" + minimatch@~3.0.4: version "3.0.8" resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-3.0.8.tgz#5e6a59bd11e2ab0de1cfb843eb2d82e546c321c1"