diff --git a/CHANGELOG.md b/CHANGELOG.md index 243b276aa78a..2dd46dd6d7d6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) - [Legacy Maps Plugin] Prevent reverse-tabnabbing ([#2540](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2540)) - Eliminate dependency on `got` versions older than 11.8.5 ([#2801](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2801)) - [Multi DataSource] Add explicit no spellcheck on password fields ([#2818](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2818)) +- [CVE-2022-25912] Bumps simple-git from 3.4.0 to 3.15.0 ([#3036](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3036)) ### 📈 Features/Enhancements diff --git a/package.json b/package.json index e51bf2229c9e..c5b0b8ef0dbb 100644 --- a/package.json +++ b/package.json @@ -438,7 +438,7 @@ "reselect": "^4.0.0", "resize-observer-polyfill": "^1.5.1", "selenium-webdriver": "^4.0.0-alpha.7", - "simple-git": "^3.4.0", + "simple-git": "^3.15.0", "sinon": "^7.4.2", "strip-ansi": "^6.0.0", "stylelint": "^14.5.2", diff --git a/packages/osd-opensearch/package.json b/packages/osd-opensearch/package.json index c2e52d8230a8..740c4fd7fab9 100644 --- a/packages/osd-opensearch/package.json +++ b/packages/osd-opensearch/package.json @@ -22,7 +22,7 @@ "getopts": "^2.2.5", "glob": "^7.1.7", "node-fetch": "^2.6.7", - "simple-git": "^3.4.0", + "simple-git": "^3.15.0", "tar-fs": "^2.1.0", "tree-kill": "^1.2.2", "yauzl": "^2.10.0" diff --git a/yarn.lock b/yarn.lock index 2f1073ce97f3..060d45df570c 100644 --- a/yarn.lock +++ b/yarn.lock @@ -15888,14 +15888,14 @@ signal-exit@^3.0.0, signal-exit@^3.0.2, signal-exit@^3.0.3, signal-exit@^3.0.7: resolved "https://registry.yarnpkg.com/signal-exit/-/signal-exit-3.0.7.tgz#a9a1767f8af84155114eaabd73f99273c8f59ad9" integrity sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ== -simple-git@^3.4.0: - version "3.5.0" - resolved "https://registry.yarnpkg.com/simple-git/-/simple-git-3.5.0.tgz#3c3538f4d7a1b3c8f3904412b12740bdcad9c8b1" - integrity sha512-fZsaq5nzdxQRhMNs6ESGLpMUHoL5GRP+boWPhq9pMYMKwOGZV2jHOxi8AbFFA2Y/6u4kR99HoULizSbpzaODkA== +simple-git@^3.15.0: + version "3.15.1" + resolved "https://registry.yarnpkg.com/simple-git/-/simple-git-3.15.1.tgz#57f595682cb0c2475d5056da078a05c8715a25ef" + integrity sha512-73MVa5984t/JP4JcQt0oZlKGr42ROYWC3BcUZfuHtT3IHKPspIvL0cZBnvPXF7LL3S/qVeVHVdYYmJ3LOTw4Rg== dependencies: "@kwsites/file-exists" "^1.1.1" "@kwsites/promise-deferred" "^1.1.1" - debug "^4.3.3" + debug "^4.3.4" simple-swizzle@^0.2.2: version "0.2.2"