[CVE] Bump loader-utils to 2.0.4 to fix CVE-2022-37599 and CVE-2022-3…

…7603 (#2995) (#3002) Signed-off-by: Zilong Xia <zilongx@amazon.com> Signed-off-by: Zilong Xia <zilongx@amazon.com> (cherry picked from commit 38a30df) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Signed-off-by: Zilong Xia <zilongx@amazon.com> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
opensearch-project · Dec 2, 2022 · 55a8bea · 55a8bea
1 parent 5fdddc8
commit 55a8bea
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 7 deletions.
diff --git a/package.json b/package.json
@@ -88,7 +88,7 @@
     "**/istanbul-instrumenter-loader/schema-utils": "^1.0.0",
     "**/json-schema": "^0.4.0",
     "**/kind-of": ">=6.0.3",
-    "**/loader-utils": "^2.0.3",
+    "**/loader-utils": "^2.0.4",
     "**/lodash": "^4.17.21",
     "**/merge": "^2.1.1",
     "**/minimist": "^1.2.5",

diff --git a/packages/osd-optimizer/package.json b/packages/osd-optimizer/package.json
@@ -51,7 +51,7 @@
     "babel-loader": "^8.0.6",
     "css-loader": "^3.4.2",
     "file-loader": "^4.2.0",
-    "loader-utils": "^1.2.3",
+    "loader-utils": "^2.0.4",
     "postcss-loader": "^3.0.0",
     "raw-loader": "^3.1.0",
     "sass-loader": "^8.0.2",

diff --git a/packages/osd-ui-shared-deps/package.json b/packages/osd-ui-shared-deps/package.json
@@ -43,7 +43,7 @@
     "babel-plugin-transform-react-remove-prop-types": "^0.4.24",
     "css-loader": "^3.4.2",
     "del": "^6.1.1",
-    "loader-utils": "^1.2.3",
+    "loader-utils": "^2.0.4",
     "val-loader": "^2.1.2",
     "webpack": "^4.41.5"
   }

diff --git a/yarn.lock b/yarn.lock
@@ -13859,10 +13859,10 @@ loader-runner@^2.4.0:
   resolved "https://registry.yarnpkg.com/loader-runner/-/loader-runner-2.4.0.tgz#ed47066bfe534d7e84c4c7b9998c2a75607d9357"
   integrity sha512-Jsmr89RcXGIwivFY21FcRrisYZfvLMTWx5kOLc+JTxtpBOG6xML0vzbc6SEQG2FO9/4Fc3wW4LVcB5DmGflaRw==
 
-loader-utils@1.2.3, loader-utils@^1.0.2, loader-utils@^1.1.0, loader-utils@^1.2.3, loader-utils@^2.0.0, loader-utils@^2.0.3:
-  version "2.0.3"
-  resolved "https://registry.yarnpkg.com/loader-utils/-/loader-utils-2.0.3.tgz#d4b15b8504c63d1fc3f2ade52d41bc8459d6ede1"
-  integrity sha512-THWqIsn8QRnvLl0shHYVBN9syumU8pYWEHPTmkiVGd+7K5eFNVSY6AJhRvgGF70gg1Dz+l/k8WicvFCxdEs60A==
+loader-utils@1.2.3, loader-utils@^1.0.2, loader-utils@^1.1.0, loader-utils@^1.2.3, loader-utils@^2.0.0, loader-utils@^2.0.4:
+  version "2.0.4"
+  resolved "https://registry.yarnpkg.com/loader-utils/-/loader-utils-2.0.4.tgz#8b5cb38b5c34a9a018ee1fc0e6a066d1dfcc528c"
+  integrity sha512-xXqpXoINfFhgua9xiqD8fPFHgkoq1mmmpE92WlDbm9rNRd/EbRb+Gqf908T2DMfuHjjJlksiK2RbHVOdD/MqSw==
   dependencies:
     big.js "^5.2.2"
     emojis-list "^3.0.0"