Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[CVE-2022-24999] Resolve qs from 6.5.3 to 6.11.0 #3450

Merged
merged 5 commits into from
Feb 18, 2023
Merged

[CVE-2022-24999] Resolve qs from 6.5.3 to 6.11.0 #3450

merged 5 commits into from
Feb 18, 2023

Conversation

ananzh
Copy link
Member

@ananzh ananzh commented Feb 17, 2023

Issues Resolved

#3449

Check List

  • All tests pass
    • yarn test:jest
    • yarn test:jest_integration
    • yarn test:ftr
  • New functionality includes testing.
  • New functionality has been documented.
  • Update CHANGELOG.md
  • Commits are signed per the DCO using --signoff

@ananzh ananzh requested a review from a team as a code owner February 17, 2023 19:53
@ananzh ananzh self-assigned this Feb 17, 2023
@ananzh ananzh added cve Security vulnerabilities detected by Dependabot or Mend backport 2.5 v2.6.0 labels Feb 17, 2023
@codecov-commenter
Copy link

codecov-commenter commented Feb 17, 2023
edited
Loading

Codecov Report

Merging #3450 (d22aab6) into 2.x (723d077) will increase coverage by 0.00%.
The diff coverage is n/a.

📣 This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more

@@           Coverage Diff           @@
##              2.x    #3450   +/-   ##
=======================================
  Coverage   66.48%   66.49%           
=======================================
  Files        3203     3203           
  Lines       61397    61397           
  Branches     9453     9453           
=======================================
+ Hits        40821    40823    +2     
+ Misses      18315    18313    -2     
  Partials     2261     2261
Flag Coverage Δ
Linux 66.49% <ø> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
...ic/application/models/sense_editor/sense_editor.ts 64.00% <0.00%> (-0.89%) ⬇️
packages/osd-optimizer/src/node/cache.ts 52.63% <0.00%> (+2.63%) ⬆️
...s/osd-optimizer/src/node/node_auto_tranpilation.ts 87.75% <0.00%> (+4.08%) ⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

joshuarrrr
joshuarrrr reviewed Feb 17, 2023
View reviewed changes
CHANGELOG.md Outdated
- [CVE-2022-37601] [CVE-2022-37599] Bump loader-utils from 2.0.3 to 2.0.4 ([#3318](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3318))
- [CVE-2022-25860] Bump simple-git from 3.15.1 to 3.16.0 ([#3345](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3345))
- [CVE-2020-36632] [REQUIRES PLUGIN VALIDATION] Bump flat from 4.1.1 to 5.0.2 ([#3419](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3419)). To the best of our knowledge, this is a non-breaking change, but if your plugin relies on `mocha` tests, validate that they still work correctly (and plan to migrate them to `jest` [in preparation for `mocha` deprecation](https://github.com/opensearch-project/OpenSearch-Dashboards/issues/1572).
- [CVE-2023-25166] Bump formula from 3.0.0 to 3.0.1 ([#3416](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3416))
- [CVE-2022-24999] Resolve qs to 6.11.0 in 2.x ([#3450](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3450))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- [CVE-2022-24999] Resolve qs to 6.11.0 in 2.x ([#3450](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3450))
- [CVE-2022-24999] Resolve qs from 6.5.3 to 6.11.0 ([#3450](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3450))

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

will do

kristenTian
kristenTian previously approved these changes Feb 17, 2023
View reviewed changes
@ananzh
[CVE-2022-24999] resolve qs to 6.11.0 in 2.x
4c69cde 
Issue resolved:
opensearch-project#3449

Signed-off-by: Anan Zhuang <ananzh@amazon.com>
@ananzh ananzh changed the title [CVE-2022-24999] resolve qs to 6.11.0 in 2.x [CVE-2022-24999] Resolve qs from 6.5.3 to 6.11.0 Feb 18, 2023
@abbyhu2000 abbyhu2000 merged commit c032607 into opensearch-project:2.x Feb 18, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joshuarrrr joshuarrrr joshuarrrr left review comments

@abbyhu2000 abbyhu2000 abbyhu2000 approved these changes

@kristenTian kristenTian kristenTian approved these changes

@AMoo-Miki AMoo-Miki Awaiting requested review from AMoo-Miki AMoo-Miki is a code owner

Assignees

@ananzh ananzh

Labels
cve Security vulnerabilities detected by Dependabot or Mend v1.3.9 v2.6.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@ananzh @codecov-commenter @joshuarrrr @abbyhu2000 @kristenTian