From 38a30dfa1c968c4776ac9568dfbbdf1f7eca7da0 Mon Sep 17 00:00:00 2001
From: ZilongX <99905560+ZilongX@users.noreply.github.com>
Date: Thu, 1 Dec 2022 13:51:28 -0800
Subject: [PATCH] [CVE] Bump loader-utils to 2.0.4 to fix CVE-2022-37599 and CVE-2022-37603 (#2995)
Signed-off-by: Zilong Xia
Signed-off-by: Zilong Xia
---
 CHANGELOG.md | 2 ++
 package.json | 2 +-
 packages/osd-optimizer/package.json | 2 +-
 packages/osd-ui-shared-deps/package.json | 2 +-
 yarn.lock | 8 ++++----
 5 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 19a95a70a18c..62e4d8361854 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -17,6 +17,8 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 * [CVE-2021-24033] Remove storybook package to fix CVE-2021-42740 and CVE-2021-24033 ([#2660](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2660))
 * [CVE-2021-42740] Remove storybook package to fix CVE-2021-42740 and CVE-2021-24033 ([#2660](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2660))
 * [CVE-2022-37601] Bump loader-utils to 2.0.3 ([#2707](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2707))
+* [CVE-2022-37599] Bump loader-utils to 2.0.4 ([#2995](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2995))
+* [CVE-2022-37603] Bump loader-utils to 2.0.4 ([#2995](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2995))
 ### 📈 Features/Enhancements
diff --git a/package.json b/package.json
index fbb21f50ed75..d43b083e654e 100644
--- a/package.json
+++ b/package.json
@@ -88,7 +88,7 @@
 "**/istanbul-instrumenter-loader/schema-utils": "^1.0.0",
 "**/json-schema": "^0.4.0",
 "**/kind-of": ">=6.0.3",
- "**/loader-utils": "^2.0.3",
+ "**/loader-utils": "^2.0.4",
 "**/lodash": "^4.17.21",
 "**/merge": "^2.1.1",
 "**/minimist": "^1.2.5",
diff --git a/packages/osd-optimizer/package.json b/packages/osd-optimizer/package.json
index 4a22dda589cd..8c98a1a01fbd 100644
--- a/packages/osd-optimizer/package.json
+++ b/packages/osd-optimizer/package.json
@@ -51,7 +51,7 @@
 "babel-loader": "^8.0.6",
 "css-loader": "^3.4.2",
 "file-loader": "^4.2.0",
- "loader-utils": "^1.2.3",
+ "loader-utils": "^2.0.4",
 "postcss-loader": "^3.0.0",
 "raw-loader": "^3.1.0",
 "sass-loader": "^8.0.2",
diff --git a/packages/osd-ui-shared-deps/package.json b/packages/osd-ui-shared-deps/package.json
index 5a73a31df5c5..6d7571e2bf95 100644
--- a/packages/osd-ui-shared-deps/package.json
+++ b/packages/osd-ui-shared-deps/package.json
@@ -43,7 +43,7 @@
 "babel-plugin-transform-react-remove-prop-types": "^0.4.24",
 "css-loader": "^3.4.2",
 "del": "^6.1.1",
- "loader-utils": "^1.2.3",
+ "loader-utils": "^2.0.4",
 "val-loader": "^2.1.2",
 "webpack": "^4.41.5"
 }
diff --git a/yarn.lock b/yarn.lock
index 21dc56b444ea..6ef3d8ac182f 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -13859,10 +13859,10 @@ loader-runner@^2.4.0: resolved "https://registry.yarnpkg.com/loader-runner/-/loader-runner-2.4.0.tgz#ed47066bfe534d7e84c4c7b9998c2a75607d9357" integrity sha512-Jsmr89RcXGIwivFY21FcRrisYZfvLMTWx5kOLc+JTxtpBOG6xML0vzbc6SEQG2FO9/4Fc3wW4LVcB5DmGflaRw== -loader-utils@1.2.3, loader-utils@^1.0.2, loader-utils@^1.1.0, loader-utils@^1.2.3, loader-utils@^2.0.0, loader-utils@^2.0.3: - version "2.0.3" - resolved "https://registry.yarnpkg.com/loader-utils/-/loader-utils-2.0.3.tgz#d4b15b8504c63d1fc3f2ade52d41bc8459d6ede1" - integrity sha512-THWqIsn8QRnvLl0shHYVBN9syumU8pYWEHPTmkiVGd+7K5eFNVSY6AJhRvgGF70gg1Dz+l/k8WicvFCxdEs60A== +loader-utils@1.2.3, loader-utils@^1.0.2, loader-utils@^1.1.0, loader-utils@^1.2.3, loader-utils@^2.0.0, loader-utils@^2.0.4: + version "2.0.4" + resolved "https://registry.yarnpkg.com/loader-utils/-/loader-utils-2.0.4.tgz#8b5cb38b5c34a9a018ee1fc0e6a066d1dfcc528c" + integrity sha512-xXqpXoINfFhgua9xiqD8fPFHgkoq1mmmpE92WlDbm9rNRd/EbRb+Gqf908T2DMfuHjjJlksiK2RbHVOdD/MqSw== dependencies: big.js "^5.2.2" emojis-list "^3.0.0"