From 2b9e9ff5fe2e173c87dc6f5bc88f23cedbc50e05 Mon Sep 17 00:00:00 2001
From: Anan Zhuang <ananzh@amazon.com>
Date: Wed, 25 Jan 2023 17:20:32 +0000
Subject: [PATCH] [CVE-2022-37601][CVE-2022-37599] Bump loader-utils to 2.0.4

Issue Resolved:
https://github.com/opensearch-project/OpenSearch-Dashboards/issues/3306

Signed-off-by: Anan Zhuang <ananzh@amazon.com>
---
 CHANGELOG.md                             | 5 +++--
 package.json                             | 2 +-
 packages/osd-optimizer/package.json      | 2 +-
 packages/osd-ui-shared-deps/package.json | 2 +-
 yarn.lock                                | 8 ++++----
 5 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1b277c3b216b..0f4f625e905e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -100,7 +100,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - Update `leaflet-vega` and fixed its usage ([#3005](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3005))
 
 ### 🔩 Tests
- 
+
 - Correct the linting logic for `no-restricted-path` to ignore trailing slashes ([#3020](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3020))
 
 ## [2.4.0]
@@ -117,6 +117,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - [Legacy Maps] Prevent reverse-tabnabbing ([#2540](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2540))
 - [WS-2022-0284] [WS-2022-0280] Bump moment-timezone from 0.5.34 to 0.5.37 ([#2361](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2361))
 - [Multi DataSource] Prevent spell-checking the password fields ([#2818](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2818))
+- [CVE-2022-37601][CVE-2022-37599] Bump loader-utils to 2.0.4 ([]())
 
 ### 📈 Features/Enhancements
 
@@ -217,4 +218,4 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 
 - Add @zengyan-amazon as a maintainer ([#2419](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2419))
 - Increment from 2.3 to 2.4. ([#2295](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2295))
-- Add CHANGELOG.md for 2.4.0 ([#2809](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2809))
\ No newline at end of file
+- Add CHANGELOG.md for 2.4.0 ([#2809](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2809))
diff --git a/package.json b/package.json
index 5da56e2cc84e..0e36dd1c9866 100644
--- a/package.json
+++ b/package.json
@@ -84,7 +84,7 @@
     "**/hoist-non-react-statics": "^3.3.2",
     "**/json-schema": "^0.4.0",
     "**/kind-of": ">=6.0.3",
-    "**/loader-utils": "^2.0.3",
+    "**/loader-utils": "^2.0.4",
     "**/node-jose": "^2.1.0",
     "**/nth-check": "^2.0.1",
     "**/qs": "^6.10.3",
diff --git a/packages/osd-optimizer/package.json b/packages/osd-optimizer/package.json
index 6be6fe10424b..f2f1f427e5ee 100644
--- a/packages/osd-optimizer/package.json
+++ b/packages/osd-optimizer/package.json
@@ -50,7 +50,7 @@
     "babel-loader": "^8.2.3",
     "css-loader": "^5.2.7",
     "file-loader": "^6.2.0",
-    "loader-utils": "^1.2.3",
+    "loader-utils": "^2.0.4",
     "postcss-loader": "^4.2.0",
     "raw-loader": "^4.0.2",
     "sass-loader": "^10.2.0",
diff --git a/packages/osd-ui-shared-deps/package.json b/packages/osd-ui-shared-deps/package.json
index 14cf480dba72..3df0f549e67a 100644
--- a/packages/osd-ui-shared-deps/package.json
+++ b/packages/osd-ui-shared-deps/package.json
@@ -43,7 +43,7 @@
     "babel-plugin-transform-react-remove-prop-types": "^0.4.24",
     "css-loader": "^5.2.7",
     "del": "^6.1.1",
-    "loader-utils": "^1.2.3",
+    "loader-utils": "^2.0.4",
     "val-loader": "^2.1.2",
     "webpack": "^4.41.5"
   }
diff --git a/yarn.lock b/yarn.lock
index 8158a910dba1..832a15417887 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -11807,10 +11807,10 @@ loader-runner@^2.4.0:
   resolved "https://registry.yarnpkg.com/loader-runner/-/loader-runner-2.4.0.tgz#ed47066bfe534d7e84c4c7b9998c2a75607d9357"
   integrity sha512-Jsmr89RcXGIwivFY21FcRrisYZfvLMTWx5kOLc+JTxtpBOG6xML0vzbc6SEQG2FO9/4Fc3wW4LVcB5DmGflaRw==
 
-loader-utils@^1.2.3, loader-utils@^2.0.0, loader-utils@^2.0.3:
-  version "2.0.3"
-  resolved "https://registry.yarnpkg.com/loader-utils/-/loader-utils-2.0.3.tgz#d4b15b8504c63d1fc3f2ade52d41bc8459d6ede1"
-  integrity sha512-THWqIsn8QRnvLl0shHYVBN9syumU8pYWEHPTmkiVGd+7K5eFNVSY6AJhRvgGF70gg1Dz+l/k8WicvFCxdEs60A==
+loader-utils@^1.2.3, loader-utils@^2.0.0, loader-utils@^2.0.4:
+  version "2.0.4"
+  resolved "https://registry.yarnpkg.com/loader-utils/-/loader-utils-2.0.4.tgz#8b5cb38b5c34a9a018ee1fc0e6a066d1dfcc528c"
+  integrity sha512-xXqpXoINfFhgua9xiqD8fPFHgkoq1mmmpE92WlDbm9rNRd/EbRb+Gqf908T2DMfuHjjJlksiK2RbHVOdD/MqSw==
   dependencies:
     big.js "^5.2.2"
     emojis-list "^3.0.0"