From 4805e8c300a1cc0d467a3805afc7daff73db364d Mon Sep 17 00:00:00 2001
From: Anan Zhuang
Date: Wed, 29 Mar 2023 05:55:16 +0000
Subject: [PATCH] [CVE-2022-1537][CVE-2022-0436]bump grunt from 1.4.1 to 1.5.3

Main bump grunt via this PR: https://github.com/opensearch-project/OpenSearch-Dashboards/pull/1580 In 1.x, bump grunt is different because v1.5.3 requires node>=8 and no breaking changes. This is the latest version with no node conflicts. grunt requires node>=16 sincev1.6.0 . Therefore, we should be very specific and limit the bump range.
Signed-off-by: Anan Zhuang
---
 package.json | 2 +-
 packages/osd-ui-framework/package.json | 2 +-
 yarn.lock | 16 ++++++++--------
 3 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/package.json b/package.json
index 21babf90bf26..59e4d64f309f 100644
--- a/package.json
+++ b/package.json
@@ -414,7 +414,7 @@
 "fp-ts": "^2.3.1",
 "geckodriver": "^1.21.0",
 "getopts": "^2.2.5",
- "grunt": "^1.4.1",
+ "grunt": "~1.5.3",
 "grunt-available-tasks": "^0.6.3",
 "grunt-cli": "^1.4.3",
 "grunt-contrib-watch": "^1.1.0",
diff --git a/packages/osd-ui-framework/package.json b/packages/osd-ui-framework/package.json
index 513e0cd8b75e..7a396dbaa7cd 100644
--- a/packages/osd-ui-framework/package.json
+++ b/packages/osd-ui-framework/package.json
@@ -42,7 +42,7 @@
 "css-loader": "^3.4.2",
 "expose-loader": "^0.7.5",
 "file-loader": "^4.2.0",
- "grunt": "^1.4.1",
+ "grunt": "~1.5.3",
 "grunt-babel": "^8.0.0",
 "grunt-contrib-clean": "^2.0.0",
 "grunt-contrib-copy": "^1.0.0",
diff --git a/yarn.lock b/yarn.lock
index a7245bc6235d..a9169470f19f 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -9593,7 +9593,7 @@ findup-sync@^4.0.0: findup-sync@~0.3.0: version "0.3.0" resolved "https://registry.yarnpkg.com/findup-sync/-/findup-sync-0.3.0.tgz#37930aa5d816b777c03445e1966cc6790a4c0b16" - integrity sha1-N5MKpdgWt3fANEXhlmzGeQpMCxY= + integrity sha512-z8Nrwhi6wzxNMIbxlrTzuUW6KWuKkogZ/7OdDVq+0+kxn77KUH1nipx8iU6suqkHqc4y6n7a9A8IpmxY/pTjWg== dependencies: glob "~5.0.0"
@@ -10209,7 +10209,7 @@ glob@^7.0.0, glob@^7.0.3, glob@^7.1.1, glob@^7.1.2, glob@^7.1.3, glob@^7.1.4, gl glob@~5.0.0: version "5.0.15" resolved "https://registry.yarnpkg.com/glob/-/glob-5.0.15.tgz#1bc936b9e02f4a603fcc222ecf7633d30b8b93b1" - integrity sha1-G8k2ueAvSmA/zCIuz3Yz0wuLk7E= + integrity sha512-c9IPMazfRITpmAAKi22dK1VKxGDX9ehhqfABDriL/lzO92xcUKEJPQHrVA/2YHSNFB4iFlykVmWvwo48nr3OxA== dependencies: inflight "^1.0.4" inherits "2" @@ -10580,7 +10580,7 @@ grunt-babel@^8.0.0: resolved "https://registry.yarnpkg.com/grunt-babel/-/grunt-babel-8.0.0.tgz#92ef63aafadf938c488dc2f926ac9846e0c93d1b" integrity sha512-WuiZFvGzcyzlEoPIcY1snI234ydDWeWWV5bpnB7PZsOLHcDsxWKnrR1rMWEUsbdVPPjvIirwFNsuo4CbJmsdFQ== -grunt-cli@^1.4.3, grunt-cli@~1.4.2: +grunt-cli@^1.4.3, grunt-cli@~1.4.3: version "1.4.3" resolved "https://registry.yarnpkg.com/grunt-cli/-/grunt-cli-1.4.3.tgz#22c9f1a3d2780bf9b0d206e832e40f8f499175ff" integrity sha512-9Dtx/AhVeB4LYzsViCjUQkd0Kw0McN2gYpdmGYKtE2a5Yt7v1Q+HYZVWhqXc/kGnxlMtqKDxSwotiGeFmkrCoQ== @@ -10667,17 +10667,17 @@ grunt-run@0.8.1: dependencies: strip-ansi "^3.0.0" -grunt@^1.4.1: - version "1.4.1" - resolved "https://registry.yarnpkg.com/grunt/-/grunt-1.4.1.tgz#7d1e17db1f9c8108777f7273d6b9359755576f50" - integrity sha512-ZXIYXTsAVrA7sM+jZxjQdrBOAg7DyMUplOMhTaspMRExei+fD0BTwdWXnn0W5SXqhb/Q/nlkzXclSi3IH55PIA== +grunt@~1.5.3: + version "1.5.3" + resolved "https://registry.yarnpkg.com/grunt/-/grunt-1.5.3.tgz#3214101d11257b7e83cf2b38ea173b824deab76a" + integrity sha512-mKwmo4X2d8/4c/BmcOETHek675uOqw0RuA/zy12jaspWqvTp4+ZeQF1W+OTpcbncnaBsfbQJ6l0l4j+Sn/GmaQ== dependencies: dateformat "~3.0.3" eventemitter2 "~0.4.13" exit "~0.1.2" findup-sync "~0.3.0" glob "~7.1.6" - grunt-cli "~1.4.2" + grunt-cli "~1.4.3" grunt-known-options "~2.0.0" grunt-legacy-log "~3.0.0" grunt-legacy-util "~2.0.1"