From c3e5270d41f831daea72e0b21d0cde453399785c Mon Sep 17 00:00:00 2001 From: Aozixuan Priscilla Guan <92183424+aoguan1990@users.noreply.github.com> Date: Fri, 14 Apr 2023 19:52:02 -0500 Subject: [PATCH] Bump xml2js from 0.4.23 to 0.5.0 (#3842) * Create 1.3.8 release notes Signed-off-by: Aozixuan Priscilla Guan * Remove unused tags Signed-off-by: Aozixuan Priscilla Guan * Remove old changelog Signed-off-by: Aozixuan Priscilla Guan * Fix typo Signed-off-by: Aozixuan Priscilla Guan * Address comments Signed-off-by: Aozixuan Priscilla Guan * Add PRs Signed-off-by: Aozixuan Priscilla Guan * Remove unreleased PR Signed-off-by: Aozixuan Priscilla Guan * Remove unreleased PR Signed-off-by: Aozixuan Priscilla Guan * Bump xml2js from 0.4.22 to 0.5.0 Signed-off-by: Aozixuan Priscilla Guan * Add change log for CVE Signed-off-by: Aozixuan Priscilla Guan * Bump version for osd-test package Signed-off-by: Aozixuan Priscilla Guan * Modify PR link for changelog Signed-off-by: Aozixuan Priscilla Guan * Fix changelog and dependency package version Signed-off-by: Aozixuan Priscilla Guan * Fix aws sdk version Signed-off-by: Aozixuan Priscilla Guan --------- Signed-off-by: Aozixuan Priscilla Guan Signed-off-by: David Sinclair --- CHANGELOG.md | 1 + package.json | 5 +++-- packages/osd-test/package.json | 2 +- yarn.lock | 27 +++++++-------------------- 4 files changed, 12 insertions(+), 23 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c24e5ec31654..a9a5abf42b1c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -21,6 +21,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) - [CVE-2023-25166] Bump formula to 3.0.1 ([#3416](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3416)) - [CVE-2023-25653] Bump node-jose to 2.2.0 ([#3445](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3445)) - [CVE-2023-26486][cve-2023-26487] Bump vega from 5.22.1 to 5.23.0 ([#3533](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3533)) +- [CVE-2023-0842] Bump xml2js from 0.4.23 to 0.5.0 ([#3842](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3842)) ### 📈 Features/Enhancements diff --git a/package.json b/package.json index dc1fea62ad0c..0ce1bebe7dea 100644 --- a/package.json +++ b/package.json @@ -96,7 +96,8 @@ "**/typescript": "4.0.2", "**/unset-value": "^2.0.1", "**/jest-config": "npm:@amoo-miki/jest-config@27.5.1", - "**/jest-jasmine2": "npm:@amoo-miki/jest-jasmine2@27.5.1" + "**/jest-jasmine2": "npm:@amoo-miki/jest-jasmine2@27.5.1", + "**/xml2js": "^0.5.0" }, "workspaces": { "packages": [ @@ -462,7 +463,7 @@ "vega-schema-url-parser": "^2.1.0", "vega-tooltip": "^0.30.0", "vinyl-fs": "^3.0.3", - "xml2js": "^0.4.22", + "xml2js": "^0.5.0", "xmlbuilder": "13.0.2", "zlib": "^1.0.5" }, diff --git a/packages/osd-test/package.json b/packages/osd-test/package.json index 7776afc1de58..69fa50828fc0 100644 --- a/packages/osd-test/package.json +++ b/packages/osd-test/package.json @@ -37,7 +37,7 @@ "rxjs": "^6.5.5", "strip-ansi": "^6.0.0", "tar-fs": "^2.1.0", - "xml2js": "^0.4.22", + "xml2js": "^0.5.0", "zlib": "^1.0.5" } } diff --git a/yarn.lock b/yarn.lock index 2728b79ee99e..455b3475298f 100644 --- a/yarn.lock +++ b/yarn.lock @@ -3729,9 +3729,9 @@ integrity sha512-JRGsPEPCrYqTXU0Cr+Yu7esPBE2yvH7ucOHr+JuBy0F59kglPvO5gkmtyEvf3P6dASSkScvy/XQ6SC1QEBFDuA== "@types/xml2js@^0.4.5": - version "0.4.9" - resolved "https://registry.yarnpkg.com/@types/xml2js/-/xml2js-0.4.9.tgz#a38267d8c2fe121c96922b12ee3bd89a58a6e20e" - integrity sha512-CHiCKIihl1pychwR2RNX5mAYmJDACgFVCMT5OArMaO3erzwXVcBqPcusr+Vl8yeeXukxZqtF8mZioqX+mpjjdw== + version "0.4.11" + resolved "https://registry.yarnpkg.com/@types/xml2js/-/xml2js-0.4.11.tgz#bf46a84ecc12c41159a7bd9cf51ae84129af0e79" + integrity sha512-JdigeAKmCyoJUiQljjr7tQG3if9NkqGUgwEUqBvV0N7LM4HyQk7UXCnusRa1lnvXAEYJ8mw8GtZWioagNztOwA== dependencies: "@types/node" "*" @@ -18425,18 +18425,10 @@ xml-parse-from-string@^1.0.0: resolved "https://registry.yarnpkg.com/xml-parse-from-string/-/xml-parse-from-string-1.0.1.tgz#a9029e929d3dbcded169f3c6e28238d95a5d5a28" integrity sha1-qQKekp09vN7RafPG4oI42VpdWig= -xml2js@0.4.19: - version "0.4.19" - resolved "https://registry.yarnpkg.com/xml2js/-/xml2js-0.4.19.tgz#686c20f213209e94abf0d1bcf1efaa291c7827a7" - integrity sha512-esZnJZJOiJR9wWKMyuvSE1y6Dq5LCuJanqhxslH2bxM6duahNZ+HMpCLhBQGZkbX6xRf8x1Y2eJlgt2q3qo49Q== - dependencies: - sax ">=0.6.0" - xmlbuilder "~9.0.1" - -xml2js@^0.4.22, xml2js@^0.4.5: - version "0.4.23" - resolved "https://registry.yarnpkg.com/xml2js/-/xml2js-0.4.23.tgz#a0c69516752421eb2ac758ee4d4ccf58843eac66" - integrity sha512-ySPiMjM0+pLDftHgXY4By0uswI3SPKLDw/i3UXbnO8M/p28zqexCUoPmQFrYD+/1BzhGJSs2i1ERWKJAtiLrug== +xml2js@0.4.19, xml2js@^0.4.5, xml2js@^0.5.0: + version "0.5.0" + resolved "https://registry.yarnpkg.com/xml2js/-/xml2js-0.5.0.tgz#d9440631fbb2ed800203fad106f2724f62c493b7" + integrity sha512-drPFnkQJik/O+uPKpqSgr22mpuFHqKdbS835iAQrUC73L2F5WkboIRd63ai/2Yg6I1jzifPFKH2NTK+cfglkIA== dependencies: sax ">=0.6.0" xmlbuilder "~11.0.0" @@ -18451,11 +18443,6 @@ xmlbuilder@~11.0.0: resolved "https://registry.yarnpkg.com/xmlbuilder/-/xmlbuilder-11.0.1.tgz#be9bae1c8a046e76b31127726347d0ad7002beb3" integrity sha512-fDlsI/kFEx7gLvbecc0/ohLG50fugQp8ryHzMTuW9vSa1GJ0XYWKnhsUx7oie3G98+r56aTQIUB4kht42R3JvA== -xmlbuilder@~9.0.1: - version "9.0.7" - resolved "https://registry.yarnpkg.com/xmlbuilder/-/xmlbuilder-9.0.7.tgz#132ee63d2ec5565c557e20f4c22df9aca686b10d" - integrity sha512-7YXTQc3P2l9+0rjaUbLwMKRhtmwg1M1eDf6nag7urC7pIPYLD9W/jmzQ4ptRSUbodw5S0jfoGTflLemQibSpeQ== - xmlchars@^2.2.0: version "2.2.0" resolved "https://registry.yarnpkg.com/xmlchars/-/xmlchars-2.2.0.tgz#060fe1bcb7f9c76fe2a17db86a9bc3ab894210cb"