-
Notifications
You must be signed in to change notification settings - Fork 916
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[backport 1.x][CVE-2022-0144] bump shelljs from 0.8.4 to 0.8.5 #2511
Conversation
Is this a backport or just bumping on the 1.x branch? Can the commit message be a little more descriptive and include the CVE resolved? Can be accomplished before merging when we have one last chance when editing the commit message. |
Also, is |
2.0 has bump to 0.8.5 |
Gotcha, do we have the original PR that this was cherry picked from? Also, #2512 implies it was able to resolve this without touching moment resolutions. |
yeah updated to |
will update commit msg after CI check done |
It is not a cve fix PR, here is the original PR for 2.0:#1409 the yeah just do a quick CI run to see if there is any conflicts. I will update commit msg |
@joshuarrrr @kavilla do I need to update 1.3.6 release not as well? |
As far as I know, it's too late to get this to 1.3.6 now - you'd need to reach out the build team to coordinate if it has to be squeezed into the release. |
We will pick this change into our 1.3.6 release and re-generate the release candidate for OSD. Please also update the release notes to include this. Thanks. |
I see function test fail https://github.com/opensearch-project/OpenSearch-Dashboards/actions/runs/3191842791/jobs/5210233465 due to SessionNotCreatedError, but I don't think it is caused by this PR. |
Resolves CVE-2022-0144 by bumping package shelljs to 0.8.5 Signed-off-by: Anan Zhuang <[email protected]>
@zelinh got it. I have fixed the functional test fail and include this change in the release note. |
Resolves CVE-2022-0144 by bumping package shelljs to 0.8.5 Signed-off-by: Anan Zhuang <[email protected]> (cherry picked from commit 38790c5)
Resolves CVE-2022-0144 by bumping package shelljs to 0.8.5 Signed-off-by: Anan Zhuang <[email protected]> (cherry picked from commit 38790c5) Co-authored-by: Anan Zhuang <[email protected]>
Signed-off-by: Anan Zhuang [email protected]
Check List
yarn test:jest
yarn test:jest_integration
yarn test:ftr