[CVE] Bump loader-utils to 2.0.3 to fix CVE-2022-37601 (opensearch-pr…
…oject#2689)

* [CVE] Bump loader-utils to 2.0.3 to fix CVE-2022-37601

Signed-off-by: Zilong Xia <zilongx@amazon.com>

* Update CHANGELOG.md

Signed-off-by: Zilong Xia <zilongx@amazon.com>
Signed-off-by: Sergey V. Osipov <sipopo@yandex.ru>
ZilongX authored and sipopo committed Dec 16, 2022
1 parent 904701f commit cf8f26f
Showing 5 changed files with 31 additions and 46 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -80,6 +80,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
- Bumps percy-agent to use non-beta version ([#2415](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2415))
- Resolve sub-dependent d3-color version and potential security issue ([#2454](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2454))
- [CVE-2022-3517] Bumps minimatch from 3.0.4 to 3.0.5 and [IBM X-Force ID: 220063] unset-value from 1.0.1 to 2.0.1 ([#2640](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2640))
- [CVE-2022-37601] Bump loader-utils to 2.0.3 ([#2689](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2689))

### 📈 Features/Enhancements

1 change: 1 addition & 0 deletions package.json
Expand Up @@ -87,6 +87,7 @@
"**/hoist-non-react-statics": "^3.3.2",
"**/json-schema": "^0.4.0",
"**/kind-of": ">=6.0.3",
"**/loader-utils": "^2.0.3",
"**/node-jose": "^2.1.0",
"**/nth-check": "^2.0.1",
"**/qs": "^6.10.3",
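Review bot: The added `"**/loader-utils": "^2.0.3"` resolution overrides every declared range, including the `"loader-utils": "^1.2.3"` entries that remain in packages/osd-optimizer and packages/osd-ui-shared-deps, so those manifests keep declaring a major line that is never installed (yarn.lock now resolves `loader-utils@^1.2.3` to 2.0.3). That hides a 1.x to 2.x major jump behind a glob, and the fix holds only while the root `resolutions` block is applied; nothing on this page constrains the 1.x range itself to a patched release. I would change the workspace declarations to `"loader-utils": "^2.0.3"` in the same commit so that manifests, lockfile and the CVE fix agree, and check whether `"@types/loader-utils": "^1.1.3"` still matches the 2.x API. The `resolutions` object starts and ends outside this hunk.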
24 changes: 12 additions & 12 deletions packages/osd-optimizer/package.json
Expand Up @@ -18,38 +18,27 @@
"@osd/std": "1.0.0",
"@osd/ui-shared-deps": "1.0.0",
"autoprefixer": "^10.4.1",
"babel-loader": "^8.2.3",
"clean-webpack-plugin": "^3.0.0",
"compression-webpack-plugin": "^4.0.0",
"cpy": "^8.0.0",
"core-js": "^3.6.5",
"css-loader": "^5.2.7",
"dedent": "^0.7.0",
"del": "^5.1.0",
"execa": "^4.0.2",
"fibers": "^5.0.3",
"file-loader": "^4.2.0",
"jest-diff": "^27.5.1",
"js-yaml": "^3.14.0",
"json-stable-stringify": "^1.0.1",
"lmdb-store": "^1.6.11",
"loader-utils": "^1.2.3",
"normalize-path": "^3.0.0",
"pirates": "^4.0.1",
"postcss": "^8.4.5",
"postcss-loader": "^4.2.0",
"raw-loader": "^4.0.2",
"rxjs": "^6.5.5",
"sass": "~1.26.11",
"sass-loader": "^10.2.0",
"source-map-support": "^0.5.19",
"style-loader": "^1.1.3",
"terser-webpack-plugin": "^2.1.2",
"tinymath": "1.2.1",
"url-loader": "^2.2.0",
"val-loader": "^1.1.1",
"watchpack": "^2.1.1",
"webpack": "^4.41.5",
"webpack-merge": "^4.2.2"
},
"devDependencies": {
Expand All @@ -58,6 +47,17 @@
"@types/loader-utils": "^1.1.3",
"@types/source-map-support": "^0.5.3",
"@types/watchpack": "^1.1.6",
"@types/webpack": "^4.41.31"
"@types/webpack": "^4.41.31",
"babel-loader": "^8.2.3",
"css-loader": "^5.2.7",
"file-loader": "^6.2.0",
"loader-utils": "^1.2.3",
"postcss-loader": "^4.2.0",
"raw-loader": "^4.0.2",
"sass-loader": "^10.2.0",
"style-loader": "^1.1.3",
"url-loader": "^2.2.0",
"val-loader": "^2.1.2",
"webpack": "^4.41.5"
}
}
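Review bot: The commit message and the CHANGELOG entry mention only the loader-utils bump, but this manifest also appears to move webpack and ten loader packages from `dependencies` to `devDependencies` and to raise file-loader from `^4.2.0` to `^6.2.0` and val-loader from `^1.1.1` to `^2.1.2`. The rendered page has lost the `+`/`-` markers, so this reading rests on the 12/12 counts and the two hunk headers. Two major-version jumps and a dependency-class change make a security fix harder to audit and to backport, and should be recorded, for example by extending the CHANGELOG line to `Bump loader-utils to 2.0.3, file-loader to 6.2.0 and val-loader to 2.1.2`. If anything installs this package with production-only dependencies, webpack and the loaders would no longer be present; the page does not show whether that happens, so it should be confirmed before merging.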
2 changes: 1 addition & 1 deletion packages/osd-ui-shared-deps/package.json
Expand Up @@ -44,7 +44,7 @@
"css-loader": "^5.2.7",
"del": "^5.1.0",
"loader-utils": "^1.2.3",
"val-loader": "^1.1.1",
"val-loader": "^2.1.2",
"webpack": "^4.41.5"
}
}
49 changes: 16 additions & 33 deletions yarn.lock
Expand Up @@ -8650,13 +8650,13 @@ file-entry-cache@^6.0.1:
dependencies:
flat-cache "^3.0.4"

file-loader@^4.2.0:
version "4.3.0"
resolved "https://registry.yarnpkg.com/file-loader/-/file-loader-4.3.0.tgz#780f040f729b3d18019f20605f723e844b8a58af"
integrity sha512-aKrYPYjF1yG3oX0kWRrqrSMfgftm7oJW5M+m4owoldH5C51C0RkIwB++JbRvEW3IU6/ZG5n8UvEcdgwOt2UOWA==
file-loader@^6.2.0:
version "6.2.0"
resolved "https://registry.yarnpkg.com/file-loader/-/file-loader-6.2.0.tgz#baef7cf8e1840df325e4390b4484879480eebe4d"
integrity sha512-qo3glqyTa61Ytg4u73GultjHGjdRyig3tG6lPtyX/jOEJvHif9uB0/OCI2Kif6ctF3caQTW2G5gym21oAsI4pw==
dependencies:
loader-utils "^1.2.3"
schema-utils "^2.5.0"
loader-utils "^2.0.0"
schema-utils "^3.0.0"

file-selector@^0.4.0:
version "0.4.0"
Expand Down Expand Up @@ -12103,19 +12103,10 @@ loader-runner@^2.4.0:
resolved "https://registry.yarnpkg.com/loader-runner/-/loader-runner-2.4.0.tgz#ed47066bfe534d7e84c4c7b9998c2a75607d9357"
integrity sha512-Jsmr89RcXGIwivFY21FcRrisYZfvLMTWx5kOLc+JTxtpBOG6xML0vzbc6SEQG2FO9/4Fc3wW4LVcB5DmGflaRw==

loader-utils@^1.0.0, loader-utils@^1.2.3:
version "1.4.0"
resolved "https://registry.yarnpkg.com/loader-utils/-/loader-utils-1.4.0.tgz#c579b5e34cb34b1a74edc6c1fb36bfa371d5a613"
integrity sha512-qH0WSMBtn/oHuwjy/NucEgbx5dbxxnxup9s4PVXJUDHZBQY+s0NWA9rJf53RBnQZxfch7euUui7hpoAPvALZdA==
dependencies:
big.js "^5.2.2"
emojis-list "^3.0.0"
json5 "^1.0.1"

loader-utils@^2.0.0:
version "2.0.2"
resolved "https://registry.yarnpkg.com/loader-utils/-/loader-utils-2.0.2.tgz#d6e3b4fb81870721ae4e0868ab11dd638368c129"
integrity sha512-TM57VeHptv569d/GKh6TAYdzKblwDNiumOdkFnejjD0XwTH87K90w3O7AiJRqdQoXygvi1VQTJTLGhJl7WqA7A==
loader-utils@^1.2.3, loader-utils@^2.0.0, loader-utils@^2.0.3:
version "2.0.3"
resolved "https://registry.yarnpkg.com/loader-utils/-/loader-utils-2.0.3.tgz#d4b15b8504c63d1fc3f2ade52d41bc8459d6ede1"
integrity sha512-THWqIsn8QRnvLl0shHYVBN9syumU8pYWEHPTmkiVGd+7K5eFNVSY6AJhRvgGF70gg1Dz+l/k8WicvFCxdEs60A==
dependencies:
big.js "^5.2.2"
emojis-list "^3.0.0"
Expand Down Expand Up @@ -15860,14 +15851,6 @@ scheduler@^0.19.1:
loose-envify "^1.1.0"
object-assign "^4.1.1"

schema-utils@^0.4.5:
version "0.4.7"
resolved "https://registry.yarnpkg.com/schema-utils/-/schema-utils-0.4.7.tgz#ba74f597d2be2ea880131746ee17d0a093c68187"
integrity sha512-v/iwU6wvwGK8HbU9yi3/nhGzP0yGSuhQMzL6ySiec1FSrZZDkhm4noOSWzrNFo/jEc+SJY6jRTwuwbSXJPDUnQ==
dependencies:
ajv "^6.1.0"
ajv-keywords "^3.1.0"

schema-utils@^1.0.0:
version "1.0.0"
resolved "https://registry.yarnpkg.com/schema-utils/-/schema-utils-1.0.0.tgz#0b79a93204d7b600d4b2850d1f66c2a34951c770"
Expand Down Expand Up @@ -18147,13 +18130,13 @@ v8flags@~3.2.0:
dependencies:
homedir-polyfill "^1.0.1"

val-loader@^1.1.1:
version "1.1.1"
resolved "https://registry.yarnpkg.com/val-loader/-/val-loader-1.1.1.tgz#32ba8ed5c3607504134977251db2966499e15ef7"
integrity sha512-JLqLXJWCVLXTxbUeHhLpWkgl3+X3U8Bl0vY7rTFZgFSbLJaEtAxuD2ixy/cM8w/gzC7sS3NE5IDSzClDt332sw==
val-loader@^2.1.2:
version "2.1.2"
resolved "https://registry.yarnpkg.com/val-loader/-/val-loader-2.1.2.tgz#3f2efaed5791791727df62858ccaa07fc27579e7"
integrity sha512-slp7F4QaEE3h2dCKb28ulCkgVYqpbTcx9u/8or+lpWGOn5v7+hrQXZ+dGbblrIf2LBkVZBCiinLh7DgYO4Ds5g==
dependencies:
loader-utils "^1.0.0"
schema-utils "^0.4.5"
loader-utils "^2.0.0"
schema-utils "^3.0.0"

validate-npm-package-license@^3.0.1:
version "3.0.4"
