From b09a23eda341452634eebbbad39722362a39b8c0 Mon Sep 17 00:00:00 2001 From: Kawika Avilla Date: Thu, 16 Jun 2022 06:37:24 +0000 Subject: [PATCH] [CVE] Resolve `jpeg-js` to 0.4.4 Addresses Denial of Service (DoS) issue where a particular piece of input will cause to enter an infinite loop and never return. CVE: https://vuln.whitesourcesoftware.com/vulnerability/CVE-2022-25851 Issue Resolved: https://github.com/opensearch-project/OpenSearch-Dashboards/issues/1725 Signed-off-by: Kawika Avilla --- yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/yarn.lock b/yarn.lock index c0bd12420ec6..e6d96c107877 100644 --- a/yarn.lock +++ b/yarn.lock @@ -11486,9 +11486,9 @@ joi@^17.3.0: "@sideway/pinpoint" "^2.0.0" jpeg-js@^0.4.0: - version "0.4.3" - resolved "https://registry.yarnpkg.com/jpeg-js/-/jpeg-js-0.4.3.tgz#6158e09f1983ad773813704be80680550eff977b" - integrity sha512-ru1HWKek8octvUHFHvE5ZzQ1yAsJmIvRdGWvSoKV52XKyuyYA437QWDttXT8eZXDSbuMpHlLzPDZUPd6idIz+Q== + version "0.4.4" + resolved "https://registry.yarnpkg.com/jpeg-js/-/jpeg-js-0.4.4.tgz#a9f1c6f1f9f0fa80cdb3484ed9635054d28936aa" + integrity sha512-WZzeDOEtTOBK4Mdsar0IqEU5sMr3vSV2RqkAIzUEV2BHnUfKGyswWFPFwK5EeDo93K3FohSHbLAjj0s1Wzd+dg== jquery@^3.5.0: version "3.6.0"