Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Backport 1.3] [CVE-2022-48285][1.x] Bump jszip from 3.7.1 to 3.10.1 #4011

Merged
merged 1 commit into from
May 12, 2023
Merged

[Backport 1.3] [CVE-2022-48285][1.x] Bump jszip from 3.7.1 to 3.10.1 #4011

merged 1 commit into from
May 12, 2023

Conversation

opensearch-trigger-bot[bot]
Copy link
Contributor

Backport 364832d from #3740.

@github-actions
[CVE-2022-48285][1.x] Bump jszip from 3.7.1 to 3.10.1 (#3740)
fb657c2 
* [CVE-2022-48285][1.x] Bump jszip from 3.7.1 to 3.10.1

loadAsync in JSZip before 3.8.0 allows Directory Traversal
via a crafted ZIP archive. This CVE requires to bump jszip to
3.8.0+.

Signed-off-by: Anan Zhuang <ananzh@amazon.com>

* remove unecessary resolution

remove yarn.lock entry, clean and bootstrap

Signed-off-by: Josh Romero <rmerqg@amazon.com>

---------

Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: Josh Romero <rmerqg@amazon.com>
Co-authored-by: Josh Romero <rmerqg@amazon.com>
Co-authored-by: Sean Neumann <1413295+seanneumann@users.noreply.github.com>
(cherry picked from commit 364832d)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

# Conflicts:
#	CHANGELOG.md
@codecov
Copy link

codecov bot commented May 11, 2023
edited
Loading

Codecov Report

Merging #4011 (fb657c2) into 1.3 (1253c47) will increase coverage by 0.00%.
The diff coverage is n/a.

@@           Coverage Diff           @@
##              1.3    #4011   +/-   ##
=======================================
  Coverage   67.49%   67.50%           
=======================================
  Files        3044     3044           
  Lines       58692    58692           
  Branches     8902     8902           
=======================================
+ Hits        39617    39619    +2     
+ Misses      16926    16925    -1     
+ Partials     2149     2148    -1
Flag Coverage Δ
Linux 67.45% <ø> (+<0.01%) ⬆️
Windows 67.45% <ø> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

see 1 file with indirect coverage changes

@joshuarrrr joshuarrrr added v1.3.10 autocut Skip the changelog verification check on backports labels May 12, 2023
@kavilla kavilla merged commit 97a1ec1 into 1.3 May 12, 2023
@github-actions github-actions bot deleted the backport/backport-3740-to-1.3 branch May 12, 2023 19:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joshuarrrr joshuarrrr joshuarrrr approved these changes

@kavilla kavilla kavilla approved these changes

@ananzh ananzh Awaiting requested review from ananzh ananzh is a code owner

@seanneumann seanneumann Awaiting requested review from seanneumann

@AMoo-Miki AMoo-Miki Awaiting requested review from AMoo-Miki AMoo-Miki is a code owner

@ashwin-pc ashwin-pc Awaiting requested review from ashwin-pc ashwin-pc is a code owner

@abbyhu2000 abbyhu2000 Awaiting requested review from abbyhu2000 abbyhu2000 is a code owner

@zengyan-amazon zengyan-amazon Awaiting requested review from zengyan-amazon zengyan-amazon is a code owner

@kristenTian kristenTian Awaiting requested review from kristenTian

@zhongnansu zhongnansu Awaiting requested review from zhongnansu zhongnansu is a code owner

@manasvinibs manasvinibs Awaiting requested review from manasvinibs manasvinibs is a code owner

Assignees
No one assigned
Labels
autocut Skip the changelog verification check on backports v1.3.10
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@joshuarrrr @kavilla