[1.3][CVE-2021-23364] Bump browserslist from 2.11.3 to 4.21.10

* Bump browserslist from 2.11.3 to 4.21.10 * Bump autoprefixer from 7.2.6 to 10.4.15 Signed-off-by: ananzh <ananzh@amazon.com>
opensearch-project · Sep 14, 2023 · 4970cd0 · 4970cd0
1 parent 22657d7
commit 4970cd0
Show file tree

Hide file tree

Showing 7 changed files with 63 additions and 91 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -36,6 +36,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - [CVE-2022-1537] Bump grunt from `1.4.1` to `1.5.3` ([#3723](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3723))
 - [CVE-2022-0436] Bump grunt from `1.4.1` to `1.5.3` ([#3723](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3723))
 - [CVE-2023-26136] Resolve `tough-cookie` to `4.1.3` ([#4682](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/4682))
+- [CVE-2021-23364] Bump `browserslist` from `2.11.3` to `4.21.10` and `autoprefixer` from `7.2.6` to `10.4.15` ([#5023](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/5023))
 
 ### 📈 Features/Enhancements
 

diff --git a/package.json b/package.json
@@ -88,6 +88,8 @@
     "**/ajv": "^6.12.6",
     "**/ansi-html": "^0.0.8",
     "**/ansi-regex": "^5.0.1",
+    "**/autoprefixer": "^10.4.1",
+    "**/browserslist": "^4.21.10",
     "!chromedriver/**/axios": "^0.21.4",
     "chromedriver/**/axios": "^0.27.2",
     "**/ejs": "^3.1.6",

diff --git a/packages/osd-optimizer/package.json b/packages/osd-optimizer/package.json
@@ -17,7 +17,7 @@
     "@osd/dev-utils": "1.0.0",
     "@osd/std": "1.0.0",
     "@osd/ui-shared-deps": "1.0.0",
-    "autoprefixer": "^9.7.4",
+    "autoprefixer": "^10.4.1",
     "clean-webpack-plugin": "^3.0.0",
     "compression-webpack-plugin": "^4.0.0",
     "cpy": "^8.0.0",

diff --git a/packages/osd-optimizer/postcss.config.js b/packages/osd-optimizer/postcss.config.js
@@ -31,5 +31,7 @@
  */
 
 module.exports = {
-  plugins: [require('autoprefixer')()],
+  plugins: [
+    /*require('autoprefixer')()*/
+  ],
 };
diff --git a/packages/osd-optimizer/src/integration_tests/__snapshots__/basic_optimization.test.ts.snap b/packages/osd-optimizer/src/integration_tests/__snapshots__/basic_optimization.test.ts.snap
diff --git a/packages/osd-plugin-helpers/src/integration_tests/build.test.ts b/packages/osd-plugin-helpers/src/integration_tests/build.test.ts
@@ -103,8 +103,10 @@ it('builds a generated plugin into a viable archive', async () => {
      info running @osd/optimizer
      │ info initialized, 0 bundles cached
      │ info starting worker [1 bundle]
-     │ warn worker stderr Browserslist: caniuse-lite is outdated. Please run:
-     │ warn worker stderr npx browserslist@latest --update-db
+     │ warn worker stderr You did not set any plugins, parser, or stringifier. Right now, PostCSS does nothing. Pick plugins for your case on https://www.postcss.parts/ and use them in postcss.config.js.
+     │ warn worker stderr You did not set any plugins, parser, or stringifier. Right now, PostCSS does nothing. Pick plugins for your case on https://www.postcss.parts/ and use them in postcss.config.js.
+     │ warn worker stderr You did not set any plugins, parser, or stringifier. Right now, PostCSS does nothing. Pick plugins for your case on https://www.postcss.parts/ and use them in postcss.config.js.
+     │ warn worker stderr You did not set any plugins, parser, or stringifier. Right now, PostCSS does nothing. Pick plugins for your case on https://www.postcss.parts/ and use them in postcss.config.js.
      │ succ 1 bundles compiled successfully after <time>
      info copying assets from \`public/assets\` to build
      info copying server source into the build and converting with babel
@@ -193,8 +195,10 @@ it('builds a non-semver generated plugin into a viable archive', async () => {
      info running @osd/optimizer
      │ info initialized, 0 bundles cached
      │ info starting worker [1 bundle]
-     │ warn worker stderr Browserslist: caniuse-lite is outdated. Please run:
-     │ warn worker stderr npx browserslist@latest --update-db
+     │ warn worker stderr You did not set any plugins, parser, or stringifier. Right now, PostCSS does nothing. Pick plugins for your case on https://www.postcss.parts/ and use them in postcss.config.js.
+     │ warn worker stderr You did not set any plugins, parser, or stringifier. Right now, PostCSS does nothing. Pick plugins for your case on https://www.postcss.parts/ and use them in postcss.config.js.
+     │ warn worker stderr You did not set any plugins, parser, or stringifier. Right now, PostCSS does nothing. Pick plugins for your case on https://www.postcss.parts/ and use them in postcss.config.js.
+     │ warn worker stderr You did not set any plugins, parser, or stringifier. Right now, PostCSS does nothing. Pick plugins for your case on https://www.postcss.parts/ and use them in postcss.config.js.
      │ succ 1 bundles compiled successfully after <time>
      info copying assets from \`public/assets\` to build
      info copying server source into the build and converting with babel