[CVE-2024-33883] Bump ejs from 3.1.7 to 3.1.10
#6770
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ananzh
requested review from
kavilla,
AMoo-Miki,
ashwin-pc,
joshuarrrr,
abbyhu2000,
zengyan-amazon,
zhongnansu,
manasvinibs,
ZilongX,
Flyingliuhub,
curq,
bandinib-amzn,
SuZhou-Joe,
ruanyl,
BionIT and
xinruiba
as code owners
opensearch-changeset-bot bot
added a commit
to ananzh/OpenSearch-Dashboards
that referenced
this pull request
May 10, 2024
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #6770 +/- ##
===========================================
- Coverage 67.38% 55.12% -12.27%
===========================================
Files 3443 1204 -2239
Lines 67795 24625 -43170
Branches 11032 4168 -6864
===========================================
- Hits 45683 13574 -32109
+ Misses 19440 10400 -9040
+ Partials 2672 651 -2021
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
virajsanghvi
approved these changes
May 15, 2024
| @@ -11,7 +11,7 @@ | |||
| "dependencies": { | |||
| "@osd/cross-platform": "1.0.0", | |||
| "@osd/dev-utils": "1.0.0", | |||
| "ejs": "^3.1.7", | |||
| "ejs": "^3.1.10", | |||
There was a problem hiding this comment.
I'm assuming the title should be update to 3.1.10 instead of 3.1.101?
There was a problem hiding this comment.
Yes. 1 should be `. Will correct it and thank you for the careful check.
virajsanghvi
suggested changes
May 15, 2024
changelogs/fragments/6770.yml
Outdated
| @@ -0,0 +1,2 @@ | |||
| security: | |||
| - [CVE-2024-33883] Bump ejs from `3.1.7` to `3.1.101 ([#6770](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/6770)) | |||
There was a problem hiding this comment.
Yes. 1 should be `. Will correct it and thank you for the careful check.
Issue Resolved opensearch-project#6769 Signed-off-by: Anan Zhuang <ananzh@amazon.com>
bandinib-amzn
requested changes
May 28, 2024
| @@ -11,7 +11,7 @@ | |||
| "dependencies": { | |||
| "@osd/cross-platform": "1.0.0", | |||
| "@osd/dev-utils": "1.0.0", | |||
| "ejs": "^3.1.7", | |||
| "ejs": "^3.1.10", | |||
ananzh
changed the title
3.1.7 to `3.1.1013.1.7 to 3.1.101
ananzh
changed the title
3.1.7 to 3.1.1013.1.7 to 3.1.10
|
@bandinib-amzn @virajsanghvi I corrected the typo. Could you two help me to re-check this fix? |
virajsanghvi
approved these changes
Jun 3, 2024
bandinib-amzn
approved these changes
Jun 3, 2024
manasvinibs
approved these changes
Jun 3, 2024
abbyhu2000
approved these changes
Jun 3, 2024
ananzh
added
cve
|
The backport to To backport manually, run these commands in your terminal: # Navigate to the root of your repository
cd $(git rev-parse --show-toplevel)
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/OpenSearch-Dashboards/backport-2.x 2.x
# Navigate to the new working tree
pushd ../.worktrees/OpenSearch-Dashboards/backport-2.x
# Create a new branch
git switch --create backport/backport-6770-to-2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 016dcfd82bb93ca3e64d4eaf54d9a34795c02891
# Push it to GitHub
git push --set-upstream origin backport/backport-6770-to-2.x
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/OpenSearch-Dashboards/backport-2.xThen, create a pull request where the |
|
The backport to To backport manually, run these commands in your terminal: # Navigate to the root of your repository
cd $(git rev-parse --show-toplevel)
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/OpenSearch-Dashboards/backport-2.x 2.x
# Navigate to the new working tree
pushd ../.worktrees/OpenSearch-Dashboards/backport-2.x
# Create a new branch
git switch --create backport/backport-6770-to-2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 016dcfd82bb93ca3e64d4eaf54d9a34795c02891
# Push it to GitHub
git push --set-upstream origin backport/backport-6770-to-2.x
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/OpenSearch-Dashboards/backport-2.xThen, create a pull request where the |
ananzh
added a commit
to ananzh/OpenSearch-Dashboards
that referenced
this pull request
Jun 5, 2024
Backport PR opensearch-project#6770 Issue Resolved opensearch-project#6769 Signed-off-by: Anan Zhuang <ananzh@amazon.com>
7 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issue Resolved
#6769
Changelog
3.1.7to3.1.10Check List
yarn test:jestyarn test:jest_integration