From ba2f9ca82dba799fb11e53761a2ef913ddd52c03 Mon Sep 17 00:00:00 2001 From: Anan Zhuang Date: Thu, 30 Mar 2023 03:48:32 +0000 Subject: [PATCH] [CVE-2022-25851][1.x] Bump jpeg-js from 0.4.1 to 0.4.4 Issue Resolve https://github.com/opensearch-project/OpenSearch-Dashboards/issues/1725 Backport PR https://github.com/opensearch-project/OpenSearch-Dashboards/pull/1753 Signed-off-by: Anan Zhuang --- CHANGELOG.md | 2 ++ yarn.lock | 6 +++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ee3e300b611f..10fffd88df7a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,8 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) ### 🛡 Security +- [CVE-2022-25851] Bump jpeg-js from `0.4.1` to `0.4.4` ([#3741](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3741)) + ### 📈 Features/Enhancements - [Optimizer] Increase timeout waiting for the exiting of an optimizer worker ([#3193](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3193)) diff --git a/yarn.lock b/yarn.lock index a7245bc6235d..683a3886c837 100644 --- a/yarn.lock +++ b/yarn.lock @@ -13239,9 +13239,9 @@ joi@13.x.x, joi@^13.5.2: topo "3.x.x" jpeg-js@^0.4.0: - version "0.4.1" - resolved "https://registry.yarnpkg.com/jpeg-js/-/jpeg-js-0.4.1.tgz#937a3ae911eb6427f151760f8123f04c8bfe6ef7" - integrity sha512-jA55yJiB5tCXEddos8JBbvW+IMrqY0y1tjjx9KNVtA+QPmu7ND5j0zkKopClpUTsaETL135uOM2XfcYG4XRjmw== + version "0.4.4" + resolved "https://registry.yarnpkg.com/jpeg-js/-/jpeg-js-0.4.4.tgz#a9f1c6f1f9f0fa80cdb3484ed9635054d28936aa" + integrity sha512-WZzeDOEtTOBK4Mdsar0IqEU5sMr3vSV2RqkAIzUEV2BHnUfKGyswWFPFwK5EeDo93K3FohSHbLAjj0s1Wzd+dg== jquery@^3.5.0: version "3.5.0"