From 982c83b52a6aad7007455757da734feb7be21a1d Mon Sep 17 00:00:00 2001
From: "opensearch-trigger-bot[bot]" <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com>
Date: Thu, 29 Jun 2023 18:08:12 -0700
Subject: [PATCH] [CVE-2022-1537][CVE-2022-0436][1.x]bump grunt from 1.4.1 to 1.5.3 (#3723) (#4435) Main bump grunt via this PR: https://github.com/opensearch-project/OpenSearch-Dashboards/pull/1580 In 1.x, bump grunt is different because v1.5.3 requires node>=8 and no breaking changes. This is the latest version with no node conflicts. grunt requires node>=16 sincev1.6.0 . Therefore, we should be very specific and limit the bump range. Issue Resolve: https://github.com/opensearch-project/OpenSearch-Dashboards/issues/1579 https://github.com/opensearch-project/OpenSearch-Dashboards/issues/1450 Signed-off-by: Anan Zhuang Co-authored-by: Josh Romero (cherry picked from commit 65deacbe79825cddfac04ce653c3455d5578d371) Signed-off-by: github-actions[bot] # Conflicts: # CHANGELOG.md Co-authored-by: github-actions[bot]
---
 yarn.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/yarn.lock b/yarn.lock
index 750d8ad21c42..1b521a5a15ea 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -9603,7 +9603,7 @@ findup-sync@^4.0.0:
 findup-sync@~0.3.0:
 version "0.3.0"
 resolved "https://registry.yarnpkg.com/findup-sync/-/findup-sync-0.3.0.tgz#37930aa5d816b777c03445e1966cc6790a4c0b16"
- integrity sha1-N5MKpdgWt3fANEXhlmzGeQpMCxY=
+ integrity sha512-z8Nrwhi6wzxNMIbxlrTzuUW6KWuKkogZ/7OdDVq+0+kxn77KUH1nipx8iU6suqkHqc4y6n7a9A8IpmxY/pTjWg==
 dependencies:
 glob "~5.0.0"
 
@@ -10219,7 +10219,7 @@ glob@^7.0.0, glob@^7.0.3, glob@^7.1.1, glob@^7.1.2, glob@^7.1.3, glob@^7.1.4, gl
 glob@~5.0.0:
 version "5.0.15"
 resolved "https://registry.yarnpkg.com/glob/-/glob-5.0.15.tgz#1bc936b9e02f4a603fcc222ecf7633d30b8b93b1"
- integrity sha1-G8k2ueAvSmA/zCIuz3Yz0wuLk7E=
+ integrity sha512-c9IPMazfRITpmAAKi22dK1VKxGDX9ehhqfABDriL/lzO92xcUKEJPQHrVA/2YHSNFB4iFlykVmWvwo48nr3OxA==
 dependencies:
 inflight "^1.0.4"
 inherits "2"