From 6c89b0020b707bc551538da99fdc9ce9d6180b29 Mon Sep 17 00:00:00 2001 From: ananzh Date: Wed, 13 Sep 2023 23:40:29 +0000 Subject: [PATCH] [1.3][CVE-2022-21670] Bump markdown-it from 10.0.0 to 12.3.2 Signed-off-by: ananzh --- CHANGELOG.md | 1 + package.json | 2 +- packages/osd-dev-utils/package.json | 2 +- packages/osd-release-notes/package.json | 2 +- yarn.lock | 35 ++++++++++++++----------- 5 files changed, 24 insertions(+), 18 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 83a60b15607..2008f248039 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -36,6 +36,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) - [CVE-2022-1537] Bump grunt from `1.4.1` to `1.5.3` ([#3723](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3723)) - [CVE-2022-0436] Bump grunt from `1.4.1` to `1.5.3` ([#3723](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3723)) - [CVE-2023-26136] Resolve `tough-cookie` to `4.1.3` ([#4682](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/4682)) +- [CVE-2022-21670] Bump `markdown-it` from `10.0.0` to `12.3.2` ([#5016](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/5016)) ### 📈 Features/Enhancements diff --git a/package.json b/package.json index 7a28d6b555d..58474730465 100644 --- a/package.json +++ b/package.json @@ -450,7 +450,7 @@ "listr": "^0.14.1", "load-grunt-config": "^3.0.1", "load-json-file": "^6.2.0", - "markdown-it": "^10.0.0", + "markdown-it": "^12.3.2", "mocha": "^7.2.0", "mock-fs": "^4.12.0", "monaco-editor": "~0.17.0", diff --git a/packages/osd-dev-utils/package.json b/packages/osd-dev-utils/package.json index 579d584c4fa..2c5ca284974 100644 --- a/packages/osd-dev-utils/package.json +++ b/packages/osd-dev-utils/package.json @@ -24,7 +24,7 @@ "getopts": "^2.2.5", "globby": "^8.0.1", "load-json-file": "^6.2.0", - "markdown-it": "^10.0.0", + "markdown-it": "^12.3.2", "moment": "^2.24.0", "normalize-path": "^3.0.0", "rxjs": "^6.5.5", diff --git a/packages/osd-release-notes/package.json b/packages/osd-release-notes/package.json index 9bf58eeb4e6..38b3d2713f8 100644 --- a/packages/osd-release-notes/package.json +++ b/packages/osd-release-notes/package.json @@ -21,7 +21,7 @@ "terminal-link": "^2.1.1" }, "devDependencies": { - "markdown-it": "^10.0.0", + "markdown-it": "^12.3.2", "typescript": "4.0.2" } } diff --git a/yarn.lock b/yarn.lock index 802017af8f2..c58a31d4e9d 100644 --- a/yarn.lock +++ b/yarn.lock @@ -4303,6 +4303,11 @@ argparse@^1.0.7, argparse@~1.0.9: dependencies: sprintf-js "~1.0.2" +argparse@^2.0.1: + version "2.0.1" + resolved "https://registry.yarnpkg.com/argparse/-/argparse-2.0.1.tgz#246f50f3ca78a3240f6c997e8a9bd1eac49e4b38" + integrity sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q== + aria-hidden@^1.1.1: version "1.1.1" resolved "https://registry.yarnpkg.com/aria-hidden/-/aria-hidden-1.1.1.tgz#0c356026d3f65e2bd487a3adb73f0c586be2c37e" @@ -8214,10 +8219,10 @@ entities@^1.1.1, entities@~1.1.1: resolved "https://registry.yarnpkg.com/entities/-/entities-1.1.2.tgz#bdfa735299664dfafd34529ed4f8522a275fea56" integrity sha512-f2LZMYl1Fzu7YSBKg+RoROelpOaNrcGmE9AZubeDfrCEia483oW4MI4VyFd5VNHIgQ/7qm1I0wUHK1eJnn2y2w== -entities@~2.0.0: - version "2.0.0" - resolved "https://registry.yarnpkg.com/entities/-/entities-2.0.0.tgz#68d6084cab1b079767540d80e56a39b423e4abf4" - integrity sha512-D9f7V0JSRwIxlRI2mjMqufDrRDnx8p+eEOz7aUM9SuvF8gsBzra0/6tbjl1m8eQHrZlYj6PxqE00hZ1SAIKPLw== +entities@~2.1.0: + version "2.1.0" + resolved "https://registry.yarnpkg.com/entities/-/entities-2.1.0.tgz#992d3129cf7df6870b96c57858c249a120f8b8b5" + integrity sha512-hCx1oky9PFrJ611mf0ifBLBRW8lUUVRlFolb5gWRfIELabBlbp9xZvrqZLZAs+NxFnbfQoeGd8wDkygjg7U85w== env-paths@^1.0.0: version "1.0.0" @@ -13544,10 +13549,10 @@ lines-and-columns@^1.1.6: resolved "https://registry.yarnpkg.com/lines-and-columns/-/lines-and-columns-1.1.6.tgz#1c00c743b433cd0a4e80758f7b64a57440d9ff00" integrity sha1-HADHQ7QzzQpOgHWPe2SldEDZ/wA= -linkify-it@^2.0.0: - version "2.0.3" - resolved "https://registry.yarnpkg.com/linkify-it/-/linkify-it-2.0.3.tgz#d94a4648f9b1c179d64fa97291268bdb6ce9434f" - integrity sha1-2UpGSPmxwXnWT6lykSaL22zpQ08= +linkify-it@^3.0.1: + version "3.0.3" + resolved "https://registry.yarnpkg.com/linkify-it/-/linkify-it-3.0.3.tgz#a98baf44ce45a550efb4d49c769d07524cc2fa2e" + integrity sha512-ynTsyrFSdE5oZ/O9GEf00kPngmOfVwazR5GKDq6EYfhlpFug3J2zybX56a2PRRpc9P+FuSoGNAwjlbDs9jJBPQ== dependencies: uc.micro "^1.0.1" @@ -14207,14 +14212,14 @@ markdown-escapes@^1.0.0: resolved "https://registry.yarnpkg.com/markdown-escapes/-/markdown-escapes-1.0.1.tgz#1994df2d3af4811de59a6714934c2b2292734518" integrity sha1-GZTfLTr0gR3lmmcUk0wrIpJzRRg= -markdown-it@^10.0.0: - version "10.0.0" - resolved "https://registry.yarnpkg.com/markdown-it/-/markdown-it-10.0.0.tgz#abfc64f141b1722d663402044e43927f1f50a8dc" - integrity sha512-YWOP1j7UbDNz+TumYP1kpwnP0aEa711cJjrAQrzd0UXlbJfc5aAq0F/PZHjiioqDC1NKgvIMX+o+9Bk7yuM2dg== +markdown-it@^12.3.2: + version "12.3.2" + resolved "https://registry.yarnpkg.com/markdown-it/-/markdown-it-12.3.2.tgz#bf92ac92283fe983fe4de8ff8abfb5ad72cd0c90" + integrity sha512-TchMembfxfNVpHkbtriWltGWc+m3xszaRD0CZup7GFFhzIgQqxIfn3eGj1yZpfuflzPvfkt611B2Q/Bsk1YnGg== dependencies: - argparse "^1.0.7" - entities "~2.0.0" - linkify-it "^2.0.0" + argparse "^2.0.1" + entities "~2.1.0" + linkify-it "^3.0.1" mdurl "^1.0.1" uc.micro "^1.0.5"