Fix CVEs

Signed-off-by: Philippe Deslauriers <[email protected]>

opensearch-dashboards-2.yaml

@@ -55,11 +55,22 @@ pipeline:
       tag: ${{package.version}}
       expected-commit: 9ec9a677af5f28e5450926ce07e9d6c3273717a7
 
+  - uses: patch
+    with:
+      patches: 0001-Backport-Bump-typescript-and-axios.patch
+
   - runs: |
       # Workaround for "OpenSearch Dashboards should not be run as root.  Use --allow-root to continue."
       # This change will add the --allow-root when running the build_ts_refs and register_git_hook scripts
       sed -i 's/\("osd:bootstrap": "scripts\/use_node scripts\/build_ts_refs\)\( && scripts\/use_node scripts\/register_git_hook\)/\1 --allow-root\2 --allow-root/' package.json
 
+  - runs: |
+      # Create "resolutions" section of package.json
+      jq '.resolutions |= (if . then . else {} end)' package.json > temp.json && mv temp.json package.json
+      for override in '"**/hoek"="npm:@hapi/hoek@>=8.5.1"'; do
+        jq ".resolutions.${override}" package.json > temp.json && mv temp.json package.json
+      done
+
   - runs: |
       set -x
 
@@ -113,6 +124,13 @@ subpackages:
 
           node /home/build/scripts/plugin_helpers build --allow-root --skip-archive
 
+          if [ ${{range.value}} = "reportsDashboards" ]
+          then
+            # Remove a test directory of the `resolver` package to prevent surfacing a false-positive.
+            # See https://github.com/browserify/resolve/issues/288
+            rm -r build/opensearch-dashboards/${{range.value}}/node_modules/resolve/test
+          fi
+
           mkdir -p "${{targets.contextdir}}/usr/share/opensearch-dashboards/plugins"
           cp -r build/opensearch-dashboards/${{range.value}} "${{targets.contextdir}}/usr/share/opensearch-dashboards/plugins/"