From 9b0fa9001c8920aaf1810e0a725c688f8b0d8ee1 Mon Sep 17 00:00:00 2001 From: "opensearch-trigger-bot[bot]" <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com> Date: Tue, 6 Dec 2022 11:19:43 -0800 Subject: [PATCH] Bumped decode-uri-component version to address CVE-2022-38900. (#400) (#403) Signed-off-by: AWSHurneyt Signed-off-by: AWSHurneyt (cherry picked from commit 939b1bc7949f517a9098b52e456b59a43816de28) Co-authored-by: AWSHurneyt --- package.json | 1 + yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/package.json b/package.json index 084522c4e..fd93054ff 100644 --- a/package.json +++ b/package.json @@ -45,6 +45,7 @@ "resolutions": { "ansi-regex": "^5.0.1", "async": "^3.2.3", + "decode-uri-component": "^0.2.1", "fstream": "1.0.12", "glob-parent": "^5.1.2", "json-schema": "^0.4.0", diff --git a/yarn.lock b/yarn.lock index a3b145c78..17bf79d11 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1529,10 +1529,10 @@ decamelize@^1.2.0: resolved "https://registry.yarnpkg.com/decamelize/-/decamelize-1.2.0.tgz#f6534d15148269b20352e7bee26f501f9a191290" integrity sha1-9lNNFRSCabIDUue+4m9QH5oZEpA= -decode-uri-component@^0.2.0: - version "0.2.0" - resolved "https://registry.yarnpkg.com/decode-uri-component/-/decode-uri-component-0.2.0.tgz#eb3913333458775cb84cd1a1fae062106bb87545" - integrity sha1-6zkTMzRYd1y4TNGh+uBiEGu4dUU= +decode-uri-component@^0.2.0, decode-uri-component@^0.2.1: + version "0.2.2" + resolved "https://registry.yarnpkg.com/decode-uri-component/-/decode-uri-component-0.2.2.tgz#e69dbe25d37941171dd540e024c444cd5188e1e9" + integrity sha512-FqUYQ+8o158GyGTrMFJms9qh3CqTKvAqgqsTnkLI8sKu0028orqBhxNMFkFen0zGyg6epACD32pjVk58ngIErQ== dedent@^0.7.0: version "0.7.0"