Bumps simple-git from 3.4.0 to 3.15.0 (opensearch-project#341)
Resolve CVE-2022-25912. The package simple-git before 3.15.
vulnerable to Remote Code Execution (RCE)

Signed-off-by: Anan Zhuang <ananzh@amazon.com>
ananzh authored and nhtruong committed Feb 27, 2023
1 parent 314c0f6 commit 4ed3ab1
Showing 2 changed files with 2 additions and 1 deletion.
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -11,6 +11,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
### Removed
### Fixed
### Security
- [CVE-2022-25912] Bumps simple-git from 3.4.0 to 3.15.0 ([#341](https://github.com/opensearch-project/opensearch-js/pull/341))

## [2.1]
### Added
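Review bot: the entry added under `### Security` gives 3.4.0 as the starting version, but the package.json change in this same commit replaces `"simple-git": "^3.5.0"`, so the declared range never allowed 3.4.0. Suggest wording the entry as a bump from 3.5.0 to 3.15.0 (or stating explicitly that 3.4.0 was the resolved version, if that is what was meant) so the changelog matches the manifest. The commit title carries the same 3.4.0 figure.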
2 changes: 1 addition & 1 deletion package.json
Expand Up @@ -75,7 +75,7 @@
"proxy": "^1.0.2",
"rimraf": "^3.0.2",
"semver": "^7.3.5",
"simple-git": "^3.5.0",
"simple-git": "^3.15.0",
"simple-statistics": "^7.7.0",
"split2": "^3.2.2",
"standard": "^16.0.3",
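Review bot: the new range on the `simple-git` line, `^3.15.0`, raises the floor in the manifest only, and this commit touches just CHANGELOG.md and package.json, so no lockfile change accompanies it. If the repository tracks a lockfile, regenerate it in the same change so that installs resolve to 3.15.0 or later rather than a previously pinned version; if no lockfile is tracked, a short note in the PR saying so would close the question. Running `npm ls simple-git` after install is a quick way to confirm the resolved version is at or above the fixed release for CVE-2022-25912.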