From 46ddda7246015aab0d9272815453dbf692564ee4 Mon Sep 17 00:00:00 2001 From: Shenoy Pratik Date: Tue, 11 Jan 2022 13:33:15 -0800 Subject: [PATCH 1/2] CVE fix:json-schema, gson & glob-parent Signed-off-by: Shenoy Pratik --- dashboards-observability/package.json | 5 +++-- opensearch-observability/build.gradle | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/dashboards-observability/package.json b/dashboards-observability/package.json index 8b92745a0..751f8e7f4 100644 --- a/dashboards-observability/package.json +++ b/dashboards-observability/package.json @@ -37,7 +37,8 @@ "prismjs": "^1.22.0", "trim": "^1.0.0", "lodash": "^4.17.21", - "glob-parent": "^5.1.2", - "ansi-regex": "^5.0.1" + "glob-parent": "^6.0.1", + "ansi-regex": "^5.0.1", + "json-schema": "^0.4.0" } } diff --git a/opensearch-observability/build.gradle b/opensearch-observability/build.gradle index f2e5e1a49..6535ac37b 100644 --- a/opensearch-observability/build.gradle +++ b/opensearch-observability/build.gradle @@ -137,7 +137,7 @@ dependencies { testCompile "org.jetbrains.kotlin:kotlin-test:${kotlin_version}" testImplementation "com.nhaarman.mockitokotlin2:mockito-kotlin:2.2.0" testCompile "org.mockito:mockito-core:3.12.4" - testCompile "com.google.code.gson:gson:2.8.6" + testCompile "com.google.code.gson:gson:2.8.9" ktlint "com.pinterest:ktlint:0.41.0" } From 29e861dc0a80ee3aaf56d2231474d347857baef0 Mon Sep 17 00:00:00 2001 From: Shenoy Pratik Date: Tue, 11 Jan 2022 14:47:38 -0800 Subject: [PATCH 2/2] updated yarn.lock Signed-off-by: Shenoy Pratik --- dashboards-observability/yarn.lock | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) diff --git a/dashboards-observability/yarn.lock b/dashboards-observability/yarn.lock index a70b8bbde..75c63573b 100644 --- a/dashboards-observability/yarn.lock +++ b/dashboards-observability/yarn.lock @@ -1365,12 +1365,12 @@ getpass@^0.1.1: dependencies: assert-plus "^1.0.0" -glob-parent@^5.0.0, glob-parent@^5.1.2: - version "5.1.2" - resolved "https://registry.yarnpkg.com/glob-parent/-/glob-parent-5.1.2.tgz#869832c58034fe68a4093c17dc15e8340d8401c4" - integrity sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow== +glob-parent@^5.0.0, glob-parent@^6.0.1: + version "6.0.2" + resolved "https://registry.yarnpkg.com/glob-parent/-/glob-parent-6.0.2.tgz#6d237d99083950c79290f24c7642a3de9a28f9e3" + integrity sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A== dependencies: - is-glob "^4.0.1" + is-glob "^4.0.3" glob@^7.1.3: version "7.1.7" @@ -1685,13 +1685,20 @@ is-fullwidth-code-point@^3.0.0: resolved "https://registry.yarnpkg.com/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz#f116f8064fe90b3f7844a38997c0b75051269f1d" integrity sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg== -is-glob@^4.0.0, is-glob@^4.0.1: +is-glob@^4.0.0: version "4.0.1" resolved "https://registry.yarnpkg.com/is-glob/-/is-glob-4.0.1.tgz#7567dbe9f2f5e2467bc77ab83c4a29482407a5dc" integrity sha512-5G0tKtBTFImOqDnLB2hG6Bp2qcKEFduo4tZu9MT/H6NQv/ghhy30o55ufafxJ/LdH79LLs2Kfrn85TLKyA7BUg== dependencies: is-extglob "^2.1.1" +is-glob@^4.0.3: + version "4.0.3" + resolved "https://registry.yarnpkg.com/is-glob/-/is-glob-4.0.3.tgz#64f61e42cbbb2eec2071a9dac0b28ba1e65d5084" + integrity sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg== + dependencies: + is-extglob "^2.1.1" + is-hexadecimal@^1.0.0: version "1.0.4" resolved "https://registry.yarnpkg.com/is-hexadecimal/-/is-hexadecimal-1.0.4.tgz#cc35c97588da4bd49a8eedd6bc4082d44dcb23a7" @@ -1834,10 +1841,10 @@ json-schema-traverse@^0.4.1: resolved "https://registry.yarnpkg.com/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz#69f6a87d9513ab8bb8fe63bdb0979c448e684660" integrity sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg== -json-schema@0.2.3: - version "0.2.3" - resolved "https://registry.yarnpkg.com/json-schema/-/json-schema-0.2.3.tgz#b480c892e59a2f05954ce727bd3f2a4e882f9e13" - integrity sha1-tIDIkuWaLwWVTOcnvT8qTogvnhM= +json-schema@0.2.3, json-schema@^0.4.0: + version "0.4.0" + resolved "https://registry.yarnpkg.com/json-schema/-/json-schema-0.4.0.tgz#f7de4cf6efab838ebaeb3236474cbba5a1930ab5" + integrity sha512-es94M3nTIfsEPisRafak+HDLfHXnKBhV3vU5eqPcS3flIWqcxJWgXHXiey3YrpaNsanY5ei1VoYEbOzijuq9BA== json-stable-stringify-without-jsonify@^1.0.1: version "1.0.1"