[Security] Bump all babel dependencies from 7.16.x to 7.22.9 (#5428)
* chore: Bump all babel dependencies from `7.16.x` to `7.22.9`

Update proposal plugins to their transform equivalents

Resolves CVE-2023-45133

---------

Signed-off-by: Josh Romero <[email protected]>
joshuarrrr authored Nov 10, 2023
1 parent d2fa466 commit b82aa1c
Showing 14 changed files with 838 additions and 712 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
@@ -21,6 +21,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
- Remove examples and other unwanted artifacts from installed dependencies ([#4896](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/4896))
- Add support for TLS v1.3 ([#5133](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/5133))
- [CVE-2023-45133] Add package resolution for `@babel/traverse` to `7.23.2` to fix vulnerability ([#5309](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/5309))
- [CVE-2023-45133] Bump all babel dependencies from `7.16.x` to `7.22.9` to fix upstream vulnerability ([#5428](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/5428))
- [CVE-2023-46234] Bump `eslint-import-resolver-webpack` from `0.11.1` to `0.13.8` and `browserify-sign` from `4.2.1` to `4.2.2` ([#5414](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/5414/))

### 📈 Features/Enhancements
8 changes: 4 additions & 4 deletions package.json
@@ -227,10 +227,10 @@
"yauzl": "^2.10.0"
},
"devDependencies": {
"@babel/core": "^7.16.5",
"@babel/parser": "^7.16.6",
"@babel/register": "^7.16.5",
"@babel/types": "^7.16.0",
"@babel/core": "^7.22.9",
"@babel/parser": "^7.22.9",
"@babel/register": "^7.22.9",
"@babel/types": "^7.22.9",
"@elastic/apm-rum": "^5.6.1",
"@elastic/charts": "31.1.0",
"@elastic/ems-client": "7.10.0",
2 changes: 1 addition & 1 deletion packages/osd-analytics/babel.config.js
@@ -30,7 +30,7 @@

// We can't use common OpenSearch Dashboards presets here because of babel versions incompatibility
module.exports = {
plugins: ['@babel/plugin-proposal-class-properties'],
plugins: ['@babel/plugin-transform-class-properties'],
env: {
web: {
presets: ['@osd/babel-preset/webpack_preset'],
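Review bot: `'@babel/plugin-transform-class-properties'` on the `plugins` line is loaded by bare name, yet the packages/osd-analytics/package.json section of this commit changes only `@babel/cli`, so the renamed plugin does not appear to be declared by this package and presumably resolves only because another workspace package or `@babel/preset-env` pulls it in. Babel plugins execute at build time, so an undeclared one runs at whatever version hoisting happens to provide rather than at a range this package owns; declaring it in this package's `devDependencies` at the same range as the other Babel packages would make that explicit. The same gap shows in packages/osd-babel-preset: the two plugin names added at the top of `plugins` in common_preset.js are not among the `@babel/plugin-transform-*` entries listed in that package's dependencies. The `module.exports` object continues outside the hunk.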
2 changes: 1 addition & 1 deletion packages/osd-analytics/package.json
@@ -14,7 +14,7 @@
"osd:watch": "../../scripts/use_node scripts/build --source-maps --watch"
},
"devDependencies": {
"@babel/cli": "^7.16.0",
"@babel/cli": "^7.22.9",
"@osd/dev-utils": "1.0.0",
"@osd/babel-preset": "1.0.0",
"typescript": "4.0.2"
19 changes: 6 additions & 13 deletions packages/osd-babel-preset/common_preset.js
@@ -29,30 +29,23 @@
*/

const plugins = [
'@babel/plugin-transform-class-properties',
'@babel/plugin-transform-private-methods',
require.resolve('babel-plugin-add-module-exports'),

// The class properties proposal was merged with the private fields proposal
// into the "class fields" proposal which is stage 3.
// See https://github.com/babel/proposals/issues/12 for progress
require.resolve('@babel/plugin-proposal-class-properties'),

// Optional Chaining proposal is stage 4 (https://github.com/tc39/proposal-optional-chaining)
// Need this since we are using TypeScript 3.7+
require.resolve('@babel/plugin-proposal-optional-chaining'),
require.resolve('@babel/plugin-transform-optional-chaining'),
// Nullish coalescing proposal is stage 4 (https://github.com/tc39/proposal-nullish-coalescing)
// Need this since we are using TypeScript 3.7+
require.resolve('@babel/plugin-proposal-nullish-coalescing-operator'),
require.resolve('@babel/plugin-transform-nullish-coalescing-operator'),

// Proposal is merged into ECMA-262 (https://github.com/tc39/proposal-export-ns-from)
// Need this since we are using TypeScript 3.8+
require.resolve('@babel/plugin-proposal-export-namespace-from'),

// Proposal is merged into ECMA-262 (https://github.com/tc39/proposal-export-ns-from)
// Need this since we are using TypeScript 3.9+
require.resolve('@babel/plugin-proposal-private-methods'),
require.resolve('@babel/plugin-transform-export-namespace-from'),

// Proposal is on stage 4 (https://github.com/tc39/proposal-logical-assignment)
require.resolve('@babel/plugin-proposal-logical-assignment-operators'),
require.resolve('@babel/plugin-transform-logical-assignment-operators'),
];

module.exports = {
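Review bot: The two entries added at the top of `plugins`, `'@babel/plugin-transform-class-properties'` and `'@babel/plugin-transform-private-methods'`, are bare strings while every other entry in the array goes through `require.resolve(...)`. A resolved path ties the plugin to the copy installed for this preset, whereas a bare name is looked up by Babel when the config is loaded, possibly from the consuming package's location, so the copy that runs could differ between consumers; that is worth confirming. Writing them as `require.resolve('@babel/plugin-transform-class-properties'),` and `require.resolve('@babel/plugin-transform-private-methods'),` would match the rest of the list. The comment explaining the class-properties entry appears to have been dropped with the old plugin, so a short line such as `// Class fields and private methods are part of ECMA-262; still needed for our targets` above the two entries would keep the array self-documenting. The hunk ends at the opening of `module.exports`.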
16 changes: 7 additions & 9 deletions packages/osd-babel-preset/package.json
@@ -7,15 +7,13 @@
"devOnly": true
},
"dependencies": {
"@babel/plugin-proposal-class-properties": "^7.16.5",
"@babel/plugin-proposal-export-namespace-from": "^7.16.5",
"@babel/plugin-proposal-logical-assignment-operators": "^7.16.5",
"@babel/plugin-proposal-nullish-coalescing-operator": "^7.16.5",
"@babel/plugin-proposal-optional-chaining": "^7.16.5",
"@babel/plugin-proposal-private-methods": "^7.16.5",
"@babel/preset-env": "^7.16.5",
"@babel/preset-react": "^7.16.5",
"@babel/preset-typescript": "^7.16.5",
"@babel/plugin-transform-export-namespace-from": "^7.22.9",
"@babel/plugin-transform-logical-assignment-operators": "^7.22.9",
"@babel/plugin-transform-nullish-coalescing-operator": "^7.22.9",
"@babel/plugin-transform-optional-chaining": "^7.22.9",
"@babel/preset-env": "^7.22.9",
"@babel/preset-react": "^7.22.9",
"@babel/preset-typescript": "^7.22.9",
"babel-plugin-add-module-exports": "^1.0.4",
"babel-plugin-styled-components": "^2.0.2",
"babel-plugin-transform-react-remove-prop-types": "^0.4.24",
2 changes: 1 addition & 1 deletion packages/osd-dev-utils/package.json
@@ -13,7 +13,7 @@
"devOnly": true
},
"dependencies": {
"@babel/core": "^7.16.5",
"@babel/core": "^7.22.9",
"@osd/utils": "1.0.0",
"axios": "^0.27.2",
"chalk": "^4.1.0",
4 changes: 2 additions & 2 deletions packages/osd-i18n/package.json
@@ -7,8 +7,8 @@
"license": "Apache-2.0",
"private": true,
"devDependencies": {
"@babel/cli": "^7.16.0",
"@babel/core": "^7.16.5",
"@babel/cli": "^7.22.9",
"@babel/core": "^7.22.9",
"@osd/babel-preset": "1.0.0",
"@osd/dev-utils": "1.0.0",
"@types/intl-relativeformat": "^2.1.0",
10 changes: 5 additions & 5 deletions packages/osd-interpreter/package.json
@@ -9,16 +9,16 @@
"osd:watch": "../../scripts/use_node scripts/build --dev --watch"
},
"dependencies": {
"@babel/runtime": "^7.16.5",
"@babel/runtime": "^7.22.9",
"@osd/i18n": "1.0.0",
"lodash": "^4.17.21",
"uuid": "3.3.2"
},
"devDependencies": {
"@babel/cli": "^7.16.0",
"@babel/core": "^7.16.5",
"@babel/plugin-transform-modules-commonjs": "^7.16.5",
"@babel/plugin-transform-runtime": "^7.16.5",
"@babel/cli": "^7.22.9",
"@babel/core": "^7.22.9",
"@babel/plugin-transform-modules-commonjs": "^7.22.9",
"@babel/plugin-transform-runtime": "^7.22.9",
"@osd/babel-preset": "1.0.0",
"@osd/dev-utils": "1.0.0",
"babel-loader": "^8.2.3",
2 changes: 1 addition & 1 deletion packages/osd-opensearch/package.json
@@ -29,7 +29,7 @@
},
"devDependencies": {
"@osd/babel-preset": "1.0.0",
"@babel/cli": "^7.16.0",
"@babel/cli": "^7.22.9",
"del": "^6.1.1"
}
}
4 changes: 2 additions & 2 deletions packages/osd-optimizer/package.json
@@ -10,8 +10,8 @@
"osd:watch": "yarn build --watch"
},
"dependencies": {
"@babel/cli": "^7.16.0",
"@babel/core": "^7.16.5",
"@babel/cli": "^7.22.9",
"@babel/core": "^7.22.9",
"@osd/babel-preset": "1.0.0",
"@osd/cross-platform": "1.0.0",
"@osd/dev-utils": "1.0.0",
8 changes: 3 additions & 5 deletions packages/osd-pm/package.json
@@ -13,11 +13,9 @@
"prettier": "prettier --write './src/**/*.ts'"
},
"devDependencies": {
"@babel/core": "^7.16.5",
"@babel/plugin-proposal-class-properties": "^7.16.5",
"@babel/plugin-proposal-object-rest-spread": "^7.16.5",
"@babel/preset-env": "^7.16.5",
"@babel/preset-typescript": "^7.16.5",
"@babel/core": "^7.22.9",
"@babel/preset-env": "^7.22.9",
"@babel/preset-typescript": "^7.22.9",
"@node-rs/xxhash": "^1.3.0",
"@osd/babel-preset": "1.0.0",
"@osd/dev-utils": "1.0.0",
2 changes: 1 addition & 1 deletion packages/osd-test/package.json
@@ -13,7 +13,7 @@
"devOnly": true
},
"devDependencies": {
"@babel/cli": "^7.16.0",
"@babel/cli": "^7.22.9",
"@osd/babel-preset": "1.0.0",
"@osd/dev-utils": "1.0.0",
"@osd/utils": "1.0.0",