[CVE] Resolves grunt to 1.5.3 #1580
Addresses CVE-2022-1537 Issue: opensearch-project#1579 Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
55edb91 to 2e4a4cd
Do we want to bump the defined dependencies?
OpenSearch-Dashboards/package.json Line 374 in 0afba22
Good point. I'd rather go this route otherwise I won't backport to 2.0. Plus they have compatible with version
Yeah agreed, just wanted to make sure we considered that.
Addresses CVE-2022-1537 Issue: #1579 Signed-off-by: Kawika Avilla <kavilla414@gmail.com> (cherry picked from commit 1792662)
Main bump grunt via this PR: opensearch-project#1580 In 1.x, bump grunt is different because v1.5.3 requires node>=8 and no breaking changes. This is the latest version with no node conflicts. grunt requires node>=16 since v1.6.0. Therefore, we should be very specific and limit the bump range. Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Main bump grunt via this PR: opensearch-project#1580 In 1.x, bump grunt is different because v1.5.3 requires node>=8 and no breaking changes. This is the latest version with no node conflicts. grunt requires node>=16 since v1.6.0. Therefore, we should be very specific and limit the bump range. Issue Resolve: opensearch-project#1579 opensearch-project#1450 Signed-off-by: Anan Zhuang <ananzh@amazon.com>
) Main bump grunt via this PR: #1580 In 1.x, bump grunt is different because v1.5.3 requires node>=8 and no breaking changes. This is the latest version with no node conflicts. grunt requires node>=16 since v1.6.0. Therefore, we should be very specific and limit the bump range. Issue Resolve: #1579 #1450 Signed-off-by: Anan Zhuang <ananzh@amazon.com> Co-authored-by: Josh Romero <rmerqg@amazon.com>
) Main bump grunt via this PR: #1580 In 1.x, bump grunt is different because v1.5.3 requires node>=8 and no breaking changes. This is the latest version with no node conflicts. grunt requires node>=16 since v1.6.0. Therefore, we should be very specific and limit the bump range. Issue Resolve: #1579 #1450 Signed-off-by: Anan Zhuang <ananzh@amazon.com> Co-authored-by: Josh Romero <rmerqg@amazon.com> (cherry picked from commit 65deacb) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> # Conflicts: # CHANGELOG.md
) (#4435) Main bump grunt via this PR: #1580 In 1.x, bump grunt is different because v1.5.3 requires node>=8 and no breaking changes. This is the latest version with no node conflicts. grunt requires node>=16 since v1.6.0. Therefore, we should be very specific and limit the bump range. Issue Resolve: #1579 #1450 Signed-off-by: Anan Zhuang <ananzh@amazon.com> Co-authored-by: Josh Romero <rmerqg@amazon.com> (cherry picked from commit 65deacb) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> # Conflicts: # CHANGELOG.md Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Description
Addresses CVE-2022-1537
Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
Issues Resolved
#1579
Check List
yarn test:jest
yarn test:jest_integration
yarn test:ftr
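
Added example (not code from this PR or from the OpenSearch Dashboards repository): a Node.js check that every `grunt` entry in a yarn v1 lockfile stays inside the bounds discussed in this thread, taking 1.5.3 (the version this PR resolves to) as the floor and 1.6.0 (the release the 1.x commit message says needs node>=16) as the ceiling. The lockfile excerpt and all function names are constructed for illustration, and only plain x.y.z versions are handled.

```javascript
// Added example: constructed yarn.lock (v1) excerpt, not the project's real lockfile.
const SAMPLE_LOCK = `
grunt-cli@~1.4.3:
  version "1.4.3"

grunt@^1.0.4, "grunt@^1.5.2":
  version "1.5.3"

grunt@~1.4.0:
  version "1.4.1"
`;

// Compare two plain x.y.z versions numerically; returns <0, 0 or >0.
function cmp(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Return [{ specs, version }] for every lockfile entry whose package is exactly `name`.
function lockedVersions(lockText, name) {
  const found = [];
  let current = null;
  for (const line of lockText.split('\n')) {
    if (/^\S.*:$/.test(line)) {
      // Header line: comma-separated "name@range" specs, optionally quoted.
      const specs = line.slice(0, -1).split(/,\s*/).map((s) => s.replace(/"/g, ''));
      const mine = specs.filter((s) => s.slice(0, s.lastIndexOf('@')) === name);
      current = mine.length ? { specs: mine, version: null } : null;
      if (current) found.push(current);
    } else if (current) {
      const m = line.match(/^\s+version "([^"]+)"/);
      if (m) current.version = m[1];
    }
  }
  return found;
}

// Flag entries below the floor (pre-bump) or at/above the ceiling (node>=16 line).
function auditGrunt(lockText, floor = '1.5.3', ceiling = '1.6.0') {
  return lockedVersions(lockText, 'grunt')
    .filter((e) => cmp(e.version, floor) < 0 || cmp(e.version, ceiling) >= 0)
    .map((e) => `${e.specs.join(', ')} -> ${e.version}`);
}

console.log(auditGrunt(SAMPLE_LOCK));
```

An empty result means no `grunt` entry in the lockfile falls outside the range; `grunt-cli` is deliberately not matched.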