Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Backport 1.x][CVE] Bump loader-utils to 2.0.3 to fix CVE-2022-37601 #2707

Merged
merged 1 commit into from
Nov 1, 2022
Merged

[Backport 1.x][CVE] Bump loader-utils to 2.0.3 to fix CVE-2022-37601 #2707

merged 1 commit into from
Nov 1, 2022

Conversation

ZilongX
Copy link
Collaborator

@ZilongX ZilongX commented Nov 1, 2022

Signed-off-by: Zilong Xia zilongx@amazon.com

Description

Issues Resolved

Resolves #2560
Resolves #2612

Check List

  • All tests pass
    • yarn test:jest
    • yarn test:jest_integration
    • yarn test:ftr
  • New functionality includes testing.
  • New functionality has been documented.
  • Update CHANGELOG.md
  • Commits are signed per the DCO using --signoff

@ZilongX
[Backport 1.x] Bump loader-utils to 2.0.3 to fix CVE-2022-37601
72aa1f8 
Signed-off-by: Zilong Xia <zilongx@amazon.com>
@ZilongX ZilongX added cve Security vulnerabilities detected by Dependabot or Mend Mend: dependency security vulnerability Security vulnerability detected by Mend v1.3.7 labels Nov 1, 2022
@ZilongX ZilongX requested a review from a team November 1, 2022 03:45
@zhongnansu zhongnansu merged commit b8f6040 into opensearch-project:1.x Nov 1, 2022
@ZilongX ZilongX deleted the backport-1.x-loader-utils branch November 1, 2022 16:30
@ashwin-pc ashwin-pc changed the title [Backport 1.x] Bump loader-utils to 2.0.3 to fix CVE-2022-37601 [Backport 1.x][CVE] Bump loader-utils to 2.0.3 to fix CVE-2022-37601 Nov 4, 2022
@opensearch-trigger-bot
Copy link
Contributor

The backport to 1.3 failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-1.3 1.3
# Navigate to the new working tree
cd .worktrees/backport-1.3
# Create a new branch
git switch --create backport/backport-2707-to-1.3
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 b8f6040e83bc5291f25c983187d04e2516986b48
# Push it to GitHub
git push --set-upstream origin backport/backport-2707-to-1.3
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-1.3

Then, create a pull request where the base branch is 1.3 and the compare/head branch is backport/backport-2707-to-1.3.

joshuarrrr pushed a commit to joshuarrrr/OpenSearch-Dashboards that referenced this pull request Nov 29, 2022
@ZilongX @joshuarrrr
[Backport 1.x] Bump loader-utils to 2.0.3 to fix CVE-2022-37601 (open…
f8a53a2 
…search-project#2707)

Signed-off-by: Zilong Xia <zilongx@amazon.com>
(cherry picked from commit b8f6040)
@joshuarrrr joshuarrrr mentioned this pull request Nov 29, 2022
Merged
joshuarrrr pushed a commit to joshuarrrr/OpenSearch-Dashboards that referenced this pull request Nov 30, 2022
@ZilongX @joshuarrrr
[Backport 1.x] Bump loader-utils to 2.0.3 to fix CVE-2022-37601 (open…
77b61e5 
…search-project#2707)

Signed-off-by: Zilong Xia <zilongx@amazon.com>
(cherry picked from commit b8f6040)
joshuarrrr pushed a commit to joshuarrrr/OpenSearch-Dashboards that referenced this pull request Nov 30, 2022
@ZilongX @joshuarrrr
[Backport 1.x] Bump loader-utils to 2.0.3 to fix CVE-2022-37601 (open…
5a1bb3c 
…search-project#2707)

Signed-off-by: Zilong Xia <zilongx@amazon.com>
(cherry picked from commit b8f6040)
joshuarrrr added a commit that referenced this pull request Dec 1, 2022
@joshuarrrr
[Backport 1.x] Bump loader-utils to 2.0.3 to fix CVE-2022-37601 (#2707)…
ed52b6f 
… (#2953)

Signed-off-by: Zilong Xia <zilongx@amazon.com>
(cherry picked from commit b8f6040)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zhongnansu zhongnansu zhongnansu approved these changes

@AMoo-Miki AMoo-Miki AMoo-Miki approved these changes

Assignees
No one assigned
Labels
backport 1.3 cve Security vulnerabilities detected by Dependabot or Mend Mend: dependency security vulnerability Security vulnerability detected by Mend v1.3.7
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@ZilongX @AMoo-Miki @zhongnansu @joshuarrrr