Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Backport 2.x][CVE] Bump loader-utils to 2.0.3 to fix CVE-2022-37601 #2706

Merged
merged 1 commit into from
Nov 1, 2022
Merged

[Backport 2.x][CVE] Bump loader-utils to 2.0.3 to fix CVE-2022-37601 #2706

merged 1 commit into from
Nov 1, 2022

Conversation

ZilongX
Copy link
Collaborator

@ZilongX ZilongX commented Nov 1, 2022

Signed-off-by: Zilong Xia zilongx@amazon.com

Description

Issues Resolved

Resolves #2560
Resolves #2612

Check List

  • All tests pass
    • yarn test:jest
    • yarn test:jest_integration
    • yarn test:ftr
  • New functionality includes testing.
  • New functionality has been documented.
  • Update CHANGELOG.md
  • Commits are signed per the DCO using --signoff

@ZilongX
[Backport 2.x]Bump loader-utils to 2.0.3 to fix CVE-2022-37601
5589088 
Signed-off-by: Zilong Xia <zilongx@amazon.com>
@ZilongX ZilongX requested a review from a team as a code owner November 1, 2022 03:28
@ZilongX ZilongX added Mend: dependency security vulnerability Security vulnerability detected by Mend cve Security vulnerabilities detected by Dependabot or Mend v2.4.0 'Issues and PRs related to version v2.4.0' labels Nov 1, 2022
@zhongnansu zhongnansu merged commit 714445d into opensearch-project:2.x Nov 1, 2022
@ZilongX ZilongX deleted the backport-2.x-loader-utils branch November 1, 2022 16:31
@AMoo-Miki AMoo-Miki mentioned this pull request Nov 1, 2022
Merged
8 tasks
opensearch-trigger-bot bot pushed a commit that referenced this pull request Nov 1, 2022
@ZilongX @github-actions
[Backport 2.x]Bump loader-utils to 2.0.3 to fix CVE-2022-37601 (#2706)
4156c20 
Signed-off-by: Zilong Xia <zilongx@amazon.com>
(cherry picked from commit 714445d)
@opensearch-trigger-bot opensearch-trigger-bot bot mentioned this pull request Nov 1, 2022
Merged
joshuarrrr pushed a commit that referenced this pull request Nov 3, 2022
@opensearch-trigger-bot @ZilongX
[Backport 2.x]Bump loader-utils to 2.0.3 to fix CVE-2022-37601 (#2706) (
ee4cdf1 
#2722)

Signed-off-by: Zilong Xia <zilongx@amazon.com>
(cherry picked from commit 714445d)

Co-authored-by: ZilongX <99905560+ZilongX@users.noreply.github.com>
@ashwin-pc ashwin-pc changed the title [Backport 2.x]Bump loader-utils to 2.0.3 to fix CVE-2022-37601 [Backport 2.x][CVE] Bump loader-utils to 2.0.3 to fix CVE-2022-37601 Nov 4, 2022
@ananzh ananzh mentioned this pull request Jan 24, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AMoo-Miki AMoo-Miki AMoo-Miki approved these changes

@zhongnansu zhongnansu zhongnansu approved these changes

Assignees
No one assigned
Labels
cve Security vulnerabilities detected by Dependabot or Mend Mend: dependency security vulnerability Security vulnerability detected by Mend v2.4.0 'Issues and PRs related to version v2.4.0'
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@ZilongX @AMoo-Miki @zhongnansu