Skip to content

Commit

Permalink
Bump joi to v14 to avoid the possibility of prototype poisoning in …
Browse files Browse the repository at this point in the history
…a nested dependency

Signed-off-by: Miki <miki@amazon.com>
  • Loading branch information
AMoo-Miki committed Apr 27, 2023
1 parent ac2ee3a commit f33ecb0
Show file tree
Hide file tree
Showing 4 changed files with 9 additions and 13 deletions.
3 changes: 2 additions & 1 deletion CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,8 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
- [CVE-2023-25653] Bump node-jose to 2.2.0 ([#3445](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3445))
- [CVE-2023-26486][cve-2023-26487] Bump vega from 5.22.1 to 5.23.0 ([#3533](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3533))
- [CVE-2023-0842] Bump xml2js from 0.4.23 to 0.5.0 ([#3842](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3842))
- [Multi DataSource] Add private IP blocking validation on server side([#3912](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3912))
- [Multi DataSource] Add private IP blocking validation on server side ([#3912](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3912))
- Bump joi to v14 to avoid the possibility of prototype poisoning in a nested dependency ([#3952](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3952))

### 📈 Features/Enhancements

Expand Down
2 changes: 1 addition & 1 deletion package.json
Original file line number Diff line number Diff line change
Expand Up @@ -183,7 +183,7 @@
"https-proxy-agent": "^5.0.0",
"inline-style": "^2.0.0",
"ip-cidr": "^2.1.0",
"joi": "^13.5.2",
"joi": "^14.3.1",
"js-yaml": "^4.1.0",
"json-stable-stringify": "^1.0.1",
"json-stringify-safe": "5.0.1",
Expand Down
2 changes: 1 addition & 1 deletion packages/osd-test/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@
"exit-hook": "^2.2.0",
"getopts": "^2.2.5",
"glob": "^7.1.7",
"joi": "^13.5.2",
"joi": "^14.3.1",
"lodash": "^4.17.21",
"parse-link-header": "^2.0.0",
"rxjs": "^6.5.5",
Expand Down
15 changes: 5 additions & 10 deletions yarn.lock
Original file line number Diff line number Diff line change
Expand Up @@ -9589,11 +9589,6 @@ hmac-drbg@^1.0.1:
minimalistic-assert "^1.0.0"
minimalistic-crypto-utils "^1.0.1"

hoek@5.x.x:
version "5.0.4"
resolved "https://registry.yarnpkg.com/hoek/-/hoek-5.0.4.tgz#0f7fa270a1cafeb364a4b2ddfaa33f864e4157da"
integrity sha512-Alr4ZQgoMlnere5FZJsIyfIjORBqZll5POhDsF4q64dPuJR6rNxXdDxtHSQq8OXRurhmx+PWYEE8bXRROY8h0w==

hoek@6.x.x:
version "6.1.3"
resolved "https://registry.yarnpkg.com/hoek/-/hoek-6.1.3.tgz#73b7d33952e01fe27a38b0457294b79dd8da242c"
Expand Down Expand Up @@ -11187,12 +11182,12 @@ jmespath@0.16.0:
resolved "https://registry.yarnpkg.com/jmespath/-/jmespath-0.16.0.tgz#b15b0a85dfd4d930d43e69ed605943c802785076"
integrity sha512-9FzQjJ7MATs1tSpnco1K6ayiYE3figslrXA72G2HQ/n76RzvYlofyi5QM+iX4YRs/pu3yzxlVQSST23+dMDknw==

joi@^13.5.2:
version "13.7.0"
resolved "https://registry.yarnpkg.com/joi/-/joi-13.7.0.tgz#cfd85ebfe67e8a1900432400b4d03bbd93fb879f"
integrity sha512-xuY5VkHfeOYK3Hdi91ulocfuFopwgbSORmIwzcwHKESQhC7w1kD5jaVSPnqDxS2I8t3RZ9omCKAxNwXN5zG1/Q==
joi@^14.3.1:
version "14.3.1"
resolved "https://registry.yarnpkg.com/joi/-/joi-14.3.1.tgz#164a262ec0b855466e0c35eea2a885ae8b6c703c"
integrity sha512-LQDdM+pkOrpAn4Lp+neNIFV3axv1Vna3j38bisbQhETPMANYRbFJFUyOZcOClYvM/hppMhGWuKSFEK9vjrB+bQ==
dependencies:
hoek "5.x.x"
hoek "6.x.x"
isemail "3.x.x"
topo "3.x.x"

Expand Down

0 comments on commit f33ecb0

Please sign in to comment.