Upgrade json5 and glob-parent #17
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Rupal Mahajan <[email protected]>
Signed-off-by: Rupal Mahajan <[email protected]>
anirudha
approved these changes
Jan 6, 2023
mengweieric
approved these changes
Jan 6, 2023
rupal-bq
added a commit
that referenced
this pull request
Jan 10, 2023
* Remove odfe bwc test (#408) (#409) * removed odfe bwc test Signed-off-by: Shenoy Pratik <[email protected]> * removed bwc test from workflows Signed-off-by: Shenoy Pratik <[email protected]> (cherry picked from commit 556b5fb) Co-authored-by: Shenoy Pratik <[email protected]> * Remove odfe bwc test (#408) * removed odfe bwc test Signed-off-by: Shenoy Pratik <[email protected]> * removed bwc test from workflows Signed-off-by: Shenoy Pratik <[email protected]> (cherry picked from commit 556b5fb) * Bump version 2.2.0 Signed-off-by: vamsi-amazon <[email protected]> * Bump version 2.2.0 (#413) Signed-off-by: vamsi-amazon <[email protected]> (cherry picked from commit c91534a67503e6c61ef6e1f53e852bb937f9fc14) Co-authored-by: vamsi-amazon <[email protected]> * [2.x] Restrict chromium requests (#435) * Fix regex validation, detect iframe, embed, object tags Signed-off-by: Joshua Li <[email protected]> * Disallow redirection to non-localhost urls Signed-off-by: Joshua Li <[email protected]> * Disallow connection to non-allowlisted urls Signed-off-by: Joshua Li <[email protected]> * Disable JIT Signed-off-by: Joshua Li <[email protected]> * Fix workflow Signed-off-by: Joshua Li <[email protected]> * Try to fix CI Signed-off-by: Joshua Li <[email protected]> * Fix localstorage logic Signed-off-by: Joshua Li <[email protected]> Signed-off-by: Joshua Li <[email protected]> * [2.2] Restrict chromium requests (#431) * Fix regex validation, detect iframe, embed, object tags Signed-off-by: Joshua Li <[email protected]> * Disallow redirection to non-localhost urls Signed-off-by: Joshua Li <[email protected]> * Disallow connection to non-allowlisted urls Signed-off-by: Joshua Li <[email protected]> * Disable JIT Signed-off-by: Joshua Li <[email protected]> * Fix workflow Signed-off-by: Joshua Li <[email protected]> * Try to fix CI Signed-off-by: Joshua Li <[email protected]> * Fix localstorage logic Signed-off-by: Joshua Li <[email protected]> Signed-off-by: Joshua Li <[email protected]> * Increment version to 2.2.1-SNAPSHOT Signed-off-by: opensearch-ci-bot <[email protected]> * Increment version to 2.3.0-SNAPSHOT Signed-off-by: opensearch-ci-bot <[email protected]> * [2.x] Upgrade puppeteer (#489) * upgrade puppeteer & change report timeout Signed-off-by: Rupal Mahajan <[email protected]> * Change timeout Signed-off-by: Rupal Mahajan <[email protected]> Signed-off-by: Rupal Mahajan <[email protected]> * Bump verison 2.4.0 (#499) Signed-off-by: Rupal Mahajan <[email protected]> Signed-off-by: Rupal Mahajan <[email protected]> * feat: enable windows and macos build (#504) (#511) Signed-off-by: Derek Ho <[email protected]> * Update version for jsdom, terser and jsoup (#515) Signed-off-by: Rupal Mahajan <[email protected]> * Upgrade minimatch, moment (#513) Signed-off-by: Rupal Mahajan <[email protected]> * Add loader-utils to resolutions (#525) Signed-off-by: Rupal Mahajan <[email protected]> Signed-off-by: Rupal Mahajan <[email protected]> * Bump loader-utils from 2.0.3 to 2.0.4 in /dashboards-reports (#539) (#541) Bumps [loader-utils](https://github.com/webpack/loader-utils) from 2.0.3 to 2.0.4. - [Release notes](https://github.com/webpack/loader-utils/releases) - [Changelog](https://github.com/webpack/loader-utils/blob/v2.0.4/CHANGELOG.md) - [Commits](webpack/loader-utils@v2.0.3...v2.0.4) --- updated-dependencies: - dependency-name: loader-utils dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (cherry picked from commit 69805c4) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * update qs 6.5.3 (#545) Signed-off-by: Rupal Mahajan <[email protected]> Signed-off-by: Rupal Mahajan <[email protected]> * Use advanced settings for leading wildcards in query for csv reports (#549) * Fetch allowLeadingWildcards from config Signed-off-by: Rupal Mahajan <[email protected]> * Fix tests Signed-off-by: Rupal Mahajan <[email protected]> * nit Signed-off-by: Rupal Mahajan <[email protected]> * add default value for allowLeadingWildCards Co-authored-by: Joshua Li <[email protected]> Signed-off-by: Rupal Mahajan <[email protected]> Signed-off-by: Rupal Mahajan <[email protected]> Co-authored-by: Joshua Li <[email protected]> * Increment version to 2.5.0-SNAPSHOT (#528) Signed-off-by: opensearch-ci-bot <[email protected]> Signed-off-by: opensearch-ci-bot <[email protected]> Co-authored-by: opensearch-ci-bot <[email protected]> * [1.x] Upgrade decode-uri-component (#558) (#560) * upgrade loader-utils for CVE-2022-37601 Signed-off-by: Rupal Mahajan <[email protected]> * Update async for CVE-2021-43138 Signed-off-by: Rupal Mahajan <[email protected]> * Fix cross-fetch for CVE-2022-1365 Signed-off-by: Rupal Mahajan <[email protected]> * Fix for CVE-2022-37599, CVE-2022-37603 Signed-off-by: Rupal Mahajan <[email protected]> * Update terser for CVE-2022-25858 Signed-off-by: Rupal Mahajan <[email protected]> * Update minimatch for CVE-2022-3517 Signed-off-by: Rupal Mahajan <[email protected]> * Update moment for CVE-2022-24785 Signed-off-by: Rupal Mahajan <[email protected]> * Update jsdom for CVE-2021-20066 Signed-off-by: Rupal Mahajan <[email protected]> * Update execa for GMS-2020-2 Signed-off-by: Rupal Mahajan <[email protected]> * Update qs for CVE-2022-24999 Signed-off-by: Rupal Mahajan <[email protected]> * Update moment for CVE-2022-31129 Signed-off-by: Rupal Mahajan <[email protected]> * Update decode-uri-component for CVE-2022-38900 Signed-off-by: Rupal Mahajan <[email protected]> Signed-off-by: Rupal Mahajan <[email protected]> (cherry picked from commit 3393615) Co-authored-by: Rupal Mahajan <[email protected]> * Fix windows and macos CI (#569) (#571) * Update windows & mac CI for reo name change Signed-off-by: Rupal Mahajan <[email protected]> * Fix linux build Signed-off-by: Rupal Mahajan <[email protected]> Signed-off-by: Rupal Mahajan <[email protected]> (cherry picked from commit 08ff77b) Co-authored-by: Rupal Mahajan <[email protected]> * Remove jackson-databind and jackson-annotations (#587) * Remove jackson-databind and jackson-annotations dependencies Signed-off-by: Rupal Mahajan <[email protected]> * resolve dompurify conflicting dependencies Signed-off-by: Rupal Mahajan <[email protected]> * fix build Signed-off-by: Rupal Mahajan <[email protected]> Signed-off-by: Rupal Mahajan <[email protected]> * Update 2.x to be same as Reporting Repo (#2) * Use front-end report generation instead of chromium (#586) * Increment version to 2.4.1-SNAPSHOT (#540) Signed-off-by: opensearch-ci-bot <[email protected]> Signed-off-by: opensearch-ci-bot <[email protected]> Co-authored-by: opensearch-ci-bot <[email protected]> * --wip-- Signed-off-by: Joshua Li <[email protected]> * Add initial implementation of client reporting generation Signed-off-by: Joshua Li <[email protected]> * Fix url with basepath Signed-off-by: Joshua Li <[email protected]> * Update header footer height Signed-off-by: Joshua Li <[email protected]> * Update dialog text to not close dialog Signed-off-by: Joshua Li <[email protected]> * Remove console.log Signed-off-by: Joshua Li <[email protected]> * Remove unused components Signed-off-by: Joshua Li <[email protected]> * Remove chromium references Signed-off-by: Joshua Li <[email protected]> * Add report generation error handling Signed-off-by: Joshua Li <[email protected]> * Minor refactors Signed-off-by: Joshua Li <[email protected]> * Add postinstall patch to support safari for html2canvas Signed-off-by: Joshua Li <[email protected]> * Add dompurify Signed-off-by: Joshua Li <[email protected]> * Fix build error Signed-off-by: Joshua Li <[email protected]> * Remove chromium from CI Signed-off-by: Joshua Li <[email protected]> * Update CI artifact name Signed-off-by: Joshua Li <[email protected]> Signed-off-by: opensearch-ci-bot <[email protected]> Signed-off-by: Joshua Li <[email protected]> Co-authored-by: opensearch-trigger-bot[bot] <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com> Co-authored-by: opensearch-ci-bot <[email protected]> * Fix workflow Signed-off-by: Rupal Mahajan <[email protected]> * Fix build artifact name in workflow Signed-off-by: Rupal Mahajan <[email protected]> * Add missing bracket Signed-off-by: Rupal Mahajan <[email protected]> * Change nick-invision to nick-fields to fix worklfow actions Signed-off-by: Rupal Mahajan <[email protected]> Signed-off-by: opensearch-ci-bot <[email protected]> Signed-off-by: Joshua Li <[email protected]> Signed-off-by: Rupal Mahajan <[email protected]> Co-authored-by: Joshua Li <[email protected]> Co-authored-by: opensearch-trigger-bot[bot] <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com> Co-authored-by: opensearch-ci-bot <[email protected]> * [Backport 2.x] Add necessary files #4 (#6) * Add necessary files (#4) * Add docs Signed-off-by: Rupal Mahajan <[email protected]> * Update docs to repo name change Signed-off-by: Rupal Mahajan <[email protected]> * Updated MAINTAINERS.md to match recommended opensearch-project format. Signed-off-by: Rupal Mahajan <[email protected]> Signed-off-by: Rupal Mahajan <[email protected]> * Remove chromium related info from readme Signed-off-by: Rupal Mahajan <[email protected]> * nit: remove troubleshooting section Signed-off-by: Rupal Mahajan <[email protected]> * nit: missed font dependencies under troubleshooting Signed-off-by: Rupal Mahajan <[email protected]> Signed-off-by: Rupal Mahajan <[email protected]> * Upgrade json5 and glob-parent (#17) * upgrade json5 for CVE-2022-46175 Signed-off-by: Rupal Mahajan <[email protected]> * Upgrade glob-parent to v6.0.2 for CVE-2021-35065 Signed-off-by: Rupal Mahajan <[email protected]> Signed-off-by: Rupal Mahajan <[email protected]> * Update dev doc for new repo (#18) (#20) Signed-off-by: Rupal Mahajan <[email protected]> Signed-off-by: Rupal Mahajan <[email protected]> (cherry picked from commit 7bb7e2b) Co-authored-by: Rupal Mahajan <[email protected]> * fix plugin version in package.json Signed-off-by: Rupal Mahajan <[email protected]> * nit: missed deleting visualReportHelper in merge Signed-off-by: Rupal Mahajan <[email protected]> Signed-off-by: vamsi-amazon <[email protected]> Signed-off-by: Joshua Li <[email protected]> Signed-off-by: opensearch-ci-bot <[email protected]> Signed-off-by: Eric Wei <[email protected]> Signed-off-by: Rupal Mahajan <[email protected]> Signed-off-by: Derek Ho <[email protected]> Co-authored-by: opensearch-trigger-bot[bot] <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com> Co-authored-by: Shenoy Pratik <[email protected]> Co-authored-by: vamsi-amazon <[email protected]> Co-authored-by: Joshua Li <[email protected]> Co-authored-by: opensearch-ci-bot <[email protected]> Co-authored-by: Prudhvi Godithi <[email protected]> Co-authored-by: Eric Wei <[email protected]> Co-authored-by: Derek Ho <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Signed-off-by: Rupal Mahajan [email protected]
Description
Issues Resolved
CVE-2022-46175
CVE-2021-35065
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.