[backport 1.x][CVE-2022-0144] bump shelljs from 0.8.4 to 0.8.5 #2511
Conversation
|
Is this a backport or just bumping on the 1.x branch? Can the commit message be a little more descriptive and include the CVE resolved? Can be accomplished before merging when we have one last chance when editing the commit message. |
|
Also, is |
|
2.0 has bump to 0.8.5 |
Gotcha, do we have the original PR that this was cherry picked from? Also, #2512 implies it was able to resolve this without touching moment resolutions. |
ananzh
changed the title
yeah updated to |
|
will update commit msg after CI check done |
It is not a cve fix PR, here is the original PR for 2.0:#1409 the yeah just do a quick CI run to see if there is any conflicts. I will update commit msg |
|
@joshuarrrr @kavilla do I need to update 1.3.6 release not as well? |
|
As far as I know, it's too late to get this to 1.3.6 now - you'd need to reach out the build team to coordinate if it has to be squeezed into the release. |
|
We will pick this change into our 1.3.6 release and re-generate the release candidate for OSD. Please also update the release notes to include this. Thanks. |
|
I see function test fail https://github.com/opensearch-project/OpenSearch-Dashboards/actions/runs/3191842791/jobs/5210233465 due to SessionNotCreatedError, but I don't think it is caused by this PR. |
ananzh
changed the title
Resolves CVE-2022-0144 by bumping package shelljs to 0.8.5 Signed-off-by: Anan Zhuang <ananzh@amazon.com>
|
@zelinh got it. I have fixed the functional test fail and include this change in the release note. |
Resolves CVE-2022-0144 by bumping package shelljs to 0.8.5 Signed-off-by: Anan Zhuang <ananzh@amazon.com> (cherry picked from commit 38790c5)
Resolves CVE-2022-0144 by bumping package shelljs to 0.8.5 Signed-off-by: Anan Zhuang <ananzh@amazon.com> (cherry picked from commit 38790c5) Co-authored-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: Anan Zhuang ananzh@amazon.com
Check List
yarn test:jestyarn test:jest_integrationyarn test:ftr