Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[CVE] Bump loader-utils to 2.0.4 to fix CVE-2022-37599 and CVE-2022-37603 #2995

Merged
merged 1 commit into from
Dec 1, 2022
Merged

[CVE] Bump loader-utils to 2.0.4 to fix CVE-2022-37599 and CVE-2022-37603 #2995

merged 1 commit into from
Dec 1, 2022

Conversation

ZilongX
Copy link
Collaborator

@ZilongX ZilongX commented Dec 1, 2022
edited

Signed-off-by: Zilong Xia zilongx@amazon.com

Description

Issues Resolved

Resolved #2560

Check List

  • All tests pass
    • yarn test:jest
    • yarn test:jest_integration
    • yarn test:ftr
  • New functionality includes testing.
  • New functionality has been documented.
  • Update CHANGELOG.md
  • Commits are signed per the DCO using --signoff

@ZilongX
[CVE] Bump loader-utils to 2.0.4 to fix CVE-2022-37599 and CVE-2022-3…
bcf1b1e 
…7603

Signed-off-by: Zilong Xia <zilongx@amazon.com>
@ZilongX ZilongX added v1.3.7 Mend: dependency security vulnerability Security vulnerability detected by Mend cve Security vulnerabilities detected by Dependabot or Mend labels Dec 1, 2022
@zhongnansu
Copy link
Member

waiting for CI to pass, then I'll merge

@AMoo-Miki AMoo-Miki merged commit 38a30df into opensearch-project:1.x Dec 1, 2022
@AMoo-Miki AMoo-Miki mentioned this pull request Dec 1, 2022
Merged
@opensearch-trigger-bot opensearch-trigger-bot bot mentioned this pull request Dec 1, 2022
Merged
opensearch-trigger-bot bot pushed a commit that referenced this pull request Dec 1, 2022
@github-actions
[CVE] Bump loader-utils to 2.0.4 to fix CVE-2022-37599 and CVE-2022-3…
7254b6a 
…7603 (#2995)

Signed-off-by: Zilong Xia <zilongx@amazon.com>

Signed-off-by: Zilong Xia <zilongx@amazon.com>
(cherry picked from commit 38a30df)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
AMoo-Miki pushed a commit that referenced this pull request Dec 2, 2022
@opensearch-trigger-bot @github-actions
[CVE] Bump loader-utils to 2.0.4 to fix CVE-2022-37599 and CVE-2022-3…
55a8bea 
…7603 (#2995) (#3002)

Signed-off-by: Zilong Xia <zilongx@amazon.com>

Signed-off-by: Zilong Xia <zilongx@amazon.com>
(cherry picked from commit 38a30df)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

Signed-off-by: Zilong Xia <zilongx@amazon.com>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AMoo-Miki AMoo-Miki AMoo-Miki approved these changes

@zhongnansu zhongnansu zhongnansu approved these changes

@ananzh ananzh Awaiting requested review from ananzh ananzh is a code owner

@joshuarrrr joshuarrrr Awaiting requested review from joshuarrrr joshuarrrr is a code owner

@kristenTian kristenTian Awaiting requested review from kristenTian

Assignees
No one assigned
Labels
backport 1.3 cve Security vulnerabilities detected by Dependabot or Mend Mend: dependency security vulnerability Security vulnerability detected by Mend v1.3.7
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@ZilongX @zhongnansu @AMoo-Miki @joshuarrrr