Skip to content

Commit

Permalink
[CVE-2022-24999] Bump express from 4.17.1 to 4.18.2 (#3542) (#3563)
Browse files Browse the repository at this point in the history
* [CVE-2022-24999] Bump express from 4.17.1 to 4.18.2

Signed-off-by: Josh Romero <rmerqg@amazon.com>

* add changelog

Signed-off-by: Josh Romero <rmerqg@amazon.com>

---------

Signed-off-by: Josh Romero <rmerqg@amazon.com>
Co-authored-by: Anan Zhuang <ananzh@amazon.com>
(cherry picked from commit 1a8c68f)
  • Loading branch information
joshuarrrr authored Mar 9, 2023
1 parent 875be0a commit 11eb816
Show file tree
Hide file tree
Showing 3 changed files with 182 additions and 68 deletions.
3 changes: 2 additions & 1 deletion CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,8 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
- [CVE-2022-46175] Bumps json5 version from 1.0.1 and 2.2.1 to 1.0.2 and 2.2.3 ([#3201](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3201))
- [CVE-2022-25912] Bumps simple-git from 3.4.0 to 3.15.0 ([#3036](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3036))
- [CVE-2022-25860] Bumps simple-git from 3.15.1 to 3.16.0 ([#3345](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3345))
- [CVE-2020-36632] [REQUIRES PLUGIN VALIDATION] Bumps flat from 4.1.1 to 5.0.2 ([#3520](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3520)). To the best of our knowledge, this is a non-breaking change, but if your plugin relies on `mocha` tests, validate that they still work correctly (and plan to migrate them to `jest` [in preparation for `mocha` deprecation](https://github.com/opensearch-project/OpenSearch-Dashboards/issues/1572).
- [CVE-2020-36632] [REQUIRES PLUGIN VALIDATION] Bumps flat from 4.1.1 to 5.0.2 ([#3520](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3520)). To the best of our knowledge, this is a non-breaking change, but if your plugin relies on `mocha` tests, validate that they still work correctly (and plan to migrate them to `jest` [in preparation for `mocha` deprecation](https://github.com/opensearch-project/OpenSearch-Dashboards/issues/1572).
- [CVE-2022-24999] Bump express from 4.17.1 to 4.18.2 ([#3542](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3542))

### 📈 Features/Enhancements

Expand Down
1 change: 1 addition & 0 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -88,6 +88,7 @@
"!chromedriver/**/axios": "^0.21.4",
"chromedriver/**/axios": "^0.27.2",
"**/ejs": "^3.1.6",
"**/express": "^4.18.0",
"**/flat": "^5.0.2",
"**/follow-redirects": "^1.15.2",
"**/front-matter": "^4.0.2",
Expand Down
Loading

0 comments on commit 11eb816

Please sign in to comment.