Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Backport 2.x][CVE] Bump loader-utils to 2.0.3 to fix CVE-2022-37601 #2706

Merged

Conversation

ZilongX
Copy link
Collaborator

@ZilongX ZilongX commented Nov 1, 2022

Signed-off-by: Zilong Xia zilongx@amazon.com

Description

Issues Resolved

Resolves #2560
Resolves #2612

Check List

  • All tests pass
    • yarn test:jest
    • yarn test:jest_integration
    • yarn test:ftr
  • New functionality includes testing.
  • New functionality has been documented.
  • Update CHANGELOG.md
  • Commits are signed per the DCO using --signoff

Signed-off-by: Zilong Xia <zilongx@amazon.com>
@ZilongX ZilongX requested a review from a team as a code owner November 1, 2022 03:28
@ZilongX ZilongX added Mend: dependency security vulnerability Security vulnerability detected by Mend cve Security vulnerabilities detected by Dependabot or Mend v2.4.0 'Issues and PRs related to version v2.4.0' labels Nov 1, 2022
@zhongnansu zhongnansu merged commit 714445d into opensearch-project:2.x Nov 1, 2022
@ZilongX ZilongX deleted the backport-2.x-loader-utils branch November 1, 2022 16:31
opensearch-trigger-bot bot pushed a commit that referenced this pull request Nov 1, 2022
Signed-off-by: Zilong Xia <zilongx@amazon.com>
(cherry picked from commit 714445d)
joshuarrrr pushed a commit that referenced this pull request Nov 3, 2022
#2722)

Signed-off-by: Zilong Xia <zilongx@amazon.com>
(cherry picked from commit 714445d)

Co-authored-by: ZilongX <99905560+ZilongX@users.noreply.github.com>
@ashwin-pc ashwin-pc changed the title [Backport 2.x]Bump loader-utils to 2.0.3 to fix CVE-2022-37601 [Backport 2.x][CVE] Bump loader-utils to 2.0.3 to fix CVE-2022-37601 Nov 4, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
cve Security vulnerabilities detected by Dependabot or Mend Mend: dependency security vulnerability Security vulnerability detected by Mend v2.4.0 'Issues and PRs related to version v2.4.0'
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants