Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[2.4] Upgrade decode-uri-component and qs #567

Merged
merged 6 commits into from
Dec 6, 2022
Merged

[2.4] Upgrade decode-uri-component and qs #567

merged 6 commits into from
Dec 6, 2022

Conversation

rupal-bq
Copy link
Contributor

@rupal-bq rupal-bq commented Dec 6, 2022

Description

  • Upgraded decode-uri-component to v0.2.2
  • Upgraded qs to v6.5.3
  • Updated CI for the repo name change

Issues Resolved

CVE-2022-38900
CVE-2022-24999

Check List

  • New functionality includes testing.
    • All tests pass, including unit test, integration test and doctest
  • New functionality has been documented.
    • New functionality has javadoc added
    • New functionality has user manual doc added
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

opensearch-trigger-bot bot and others added 3 commits December 6, 2022 19:59
* upgrade loader-utils for CVE-2022-37601

Signed-off-by: Rupal Mahajan <maharup@amazon.com>

* Update async for CVE-2021-43138

Signed-off-by: Rupal Mahajan <maharup@amazon.com>

* Fix cross-fetch for CVE-2022-1365

Signed-off-by: Rupal Mahajan <maharup@amazon.com>

* Fix for CVE-2022-37599, CVE-2022-37603

Signed-off-by: Rupal Mahajan <maharup@amazon.com>

* Update terser for CVE-2022-25858

Signed-off-by: Rupal Mahajan <maharup@amazon.com>

* Update minimatch for CVE-2022-3517

Signed-off-by: Rupal Mahajan <maharup@amazon.com>

* Update moment for CVE-2022-24785

Signed-off-by: Rupal Mahajan <maharup@amazon.com>

* Update jsdom for CVE-2021-20066

Signed-off-by: Rupal Mahajan <maharup@amazon.com>

* Update execa for GMS-2020-2

Signed-off-by: Rupal Mahajan <maharup@amazon.com>

* Update qs for CVE-2022-24999

Signed-off-by: Rupal Mahajan <maharup@amazon.com>

* Update moment for CVE-2022-31129

Signed-off-by: Rupal Mahajan <maharup@amazon.com>

* Update decode-uri-component for CVE-2022-38900

Signed-off-by: Rupal Mahajan <maharup@amazon.com>

Signed-off-by: Rupal Mahajan <maharup@amazon.com>
(cherry picked from commit d3f36b5)

Co-authored-by: Rupal Mahajan <maharup@amazon.com>
Signed-off-by: Rupal Mahajan <maharup@amazon.com>
Signed-off-by: Rupal Mahajan <maharup@amazon.com>

Signed-off-by: Rupal Mahajan <maharup@amazon.com>
@rupal-bq rupal-bq requested a review from a team as a code owner December 6, 2022 20:10
sejli
sejli previously approved these changes Dec 6, 2022
kavithacm
kavithacm previously approved these changes Dec 6, 2022
Signed-off-by: Rupal Mahajan <maharup@amazon.com>
@rupal-bq rupal-bq dismissed stale reviews from kavithacm and sejli via 5fcbb2c December 6, 2022 20:50
Signed-off-by: Rupal Mahajan <maharup@amazon.com>
@rupal-bq rupal-bq requested a review from joshuali925 December 6, 2022 21:12
Signed-off-by: Rupal Mahajan <maharup@amazon.com>
@rupal-bq rupal-bq requested a review from derek-ho December 6, 2022 21:24
@rupal-bq rupal-bq merged commit bc7e5db into opensearch-project:2.4 Dec 6, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants