From 9e43c7b306bb67fbcbceefe2c1d8a9ce3148e2d2 Mon Sep 17 00:00:00 2001 From: Anan Zhuang Date: Fri, 10 May 2024 20:33:49 +0000 Subject: [PATCH 1/6] [CVE-2024-33883] Bump ejs from to Issue Resolved https://github.com/opensearch-project/OpenSearch-Dashboards/issues/6769 Signed-off-by: Anan Zhuang --- packages/osd-plugin-generator/package.json | 2 +- yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/packages/osd-plugin-generator/package.json b/packages/osd-plugin-generator/package.json index bab54de44149..59ece58cfed4 100644 --- a/packages/osd-plugin-generator/package.json +++ b/packages/osd-plugin-generator/package.json @@ -11,7 +11,7 @@ "dependencies": { "@osd/cross-platform": "1.0.0", "@osd/dev-utils": "1.0.0", - "ejs": "^3.1.7", + "ejs": "^3.1.10", "execa": "^4.0.2", "inquirer": "^7.3.3", "normalize-path": "^3.0.0", diff --git a/yarn.lock b/yarn.lock index 3a400259abdf..2db1e799fe42 100644 --- a/yarn.lock +++ b/yarn.lock @@ -7788,10 +7788,10 @@ ecc-jsbn@~0.1.1: jsbn "~0.1.0" safer-buffer "^2.1.0" -ejs@^3.1.7: - version "3.1.7" - resolved "https://registry.yarnpkg.com/ejs/-/ejs-3.1.7.tgz#c544d9c7f715783dd92f0bddcf73a59e6962d006" - integrity sha512-BIar7R6abbUxDA3bfXrO4DSgwo8I+fB5/1zgujl3HLLjwd6+9iOnrT+t3grn2qbk9vOgBubXOFwX2m9axoFaGw== +ejs@^3.1.10: + version "3.1.10" + resolved "https://registry.yarnpkg.com/ejs/-/ejs-3.1.10.tgz#69ab8358b14e896f80cc39e62087b88500c3ac3b" + integrity sha512-UeJmFfOrAQS8OJWPZ4qtgHyWExa088/MtK5UEyoJGFH67cDEXkZSviOiKRCZ4Xij0zxI3JECgYs3oKx+AizQBA== dependencies: jake "^10.8.5" From 336799bd5556ff4d3f962738270bd52f05a282ef Mon Sep 17 00:00:00 2001 From: "opensearch-changeset-bot[bot]" <154024398+opensearch-changeset-bot[bot]@users.noreply.github.com> Date: Fri, 10 May 2024 22:26:58 +0000 Subject: [PATCH 2/6] Changeset file for PR #6770 created/updated --- changelogs/fragments/6770.yml | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 changelogs/fragments/6770.yml 
diff --git a/changelogs/fragments/6770.yml b/changelogs/fragments/6770.yml
new file mode 100644
index 000000000000..c0ff9d247088
--- /dev/null
+++ b/changelogs/fragments/6770.yml
@@ -0,0 +1,2 @@
+security:
+- [CVE-2024-33883] Bump ejs from `3.1.7` to `3.1.101 ([#6770](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/6770))
\ No newline at end of file
From 561577f8d0d53ea0575ab23cd4d274d86556e6ab Mon Sep 17 00:00:00 2001
From: "opensearch-changeset-bot[bot]" <154024398+opensearch-changeset-bot[bot]@users.noreply.github.com>
Date: Mon, 3 Jun 2024 15:11:15 +0000
Subject: [PATCH 3/6] Changeset file for PR #6770 created/updated
---
 changelogs/fragments/6770.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/changelogs/fragments/6770.yml b/changelogs/fragments/6770.yml
index c0ff9d247088..464cc83b7786 100644
--- a/changelogs/fragments/6770.yml
+++ b/changelogs/fragments/6770.yml
@@ -1,2 +1,2 @@
 security:
-- [CVE-2024-33883] Bump ejs from `3.1.7` to `3.1.101 ([#6770](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/6770))
\ No newline at end of file
+- [CVE-2024-33883] Bump ejs from `3.1.7` to `3.1.101` ([#6770](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/6770))
\ No newline at end of file
From 0b2ff1966449f95c8c6ab0f0d31f29cbca3b1338 Mon Sep 17 00:00:00 2001
From: "opensearch-changeset-bot[bot]" <154024398+opensearch-changeset-bot[bot]@users.noreply.github.com>
Date: Mon, 3 Jun 2024 15:11:18 +0000
Subject: [PATCH 4/6] Changeset file for PR #6770 created/updated
---
 changelogs/fragments/6770.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/changelogs/fragments/6770.yml b/changelogs/fragments/6770.yml
index 464cc83b7786..c0ff9d247088 100644
--- a/changelogs/fragments/6770.yml
+++ b/changelogs/fragments/6770.yml
@@ -1,2 +1,2 @@
 security:
-- [CVE-2024-33883] Bump ejs from `3.1.7` to `3.1.101` ([#6770](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/6770))
\ No newline at end of file
+- [CVE-2024-33883] Bump ejs from `3.1.7` to `3.1.101 ([#6770](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/6770))
\ No newline at end of file
From 34b35f3c628077b9e10e00579b465f467942cc19 Mon Sep 17 00:00:00 2001
From: "opensearch-changeset-bot[bot]" <154024398+opensearch-changeset-bot[bot]@users.noreply.github.com>
Date: Mon, 3 Jun 2024 15:14:40 +0000
Subject: [PATCH 5/6] Changeset file for PR #6770 created/updated
---
 changelogs/fragments/6770.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/changelogs/fragments/6770.yml b/changelogs/fragments/6770.yml
index c0ff9d247088..464cc83b7786 100644
--- a/changelogs/fragments/6770.yml
+++ b/changelogs/fragments/6770.yml
@@ -1,2 +1,2 @@
 security:
-- [CVE-2024-33883] Bump ejs from `3.1.7` to `3.1.101 ([#6770](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/6770))
\ No newline at end of file
+- [CVE-2024-33883] Bump ejs from `3.1.7` to `3.1.101` ([#6770](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/6770))
\ No newline at end of file
From 02a37990fb070a5ddf046f6e20a57371c03347ea Mon Sep 17 00:00:00 2001
From: "opensearch-changeset-bot[bot]" <154024398+opensearch-changeset-bot[bot]@users.noreply.github.com>
Date: Mon, 3 Jun 2024 15:15:05 +0000
Subject: [PATCH 6/6] Changeset file for PR #6770 created/updated
---
 changelogs/fragments/6770.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/changelogs/fragments/6770.yml b/changelogs/fragments/6770.yml
index 464cc83b7786..19dee5d37b46 100644
--- a/changelogs/fragments/6770.yml
+++ b/changelogs/fragments/6770.yml
@@ -1,2 +1,2 @@
 security:
-- [CVE-2024-33883] Bump ejs from `3.1.7` to `3.1.101` ([#6770](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/6770))
\ No newline at end of file
+- [CVE-2024-33883] Bump ejs from `3.1.7` to `3.1.10` ([#6770](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/6770))
\ No newline at end of file