From 49a318b87c29e125389b2ea0dbb16ce264aa30d0 Mon Sep 17 00:00:00 2001
From: ZilongX <99905560+ZilongX@users.noreply.github.com>
Date: Mon, 12 Jun 2023 15:53:25 -0700
Subject: [PATCH] [Backport 1.3][CVE-2022-1537] Bump grunt from 1.5.2 to 1.5.3
 (#4277)

Signed-off-by: Zilong Xia <zilongx@amazon.com>
---
 CHANGELOG.md                           | 1 +
 package.json                           | 2 +-
 packages/osd-ui-framework/package.json | 2 +-
 yarn.lock                              | 8 ++++----
 4 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2e478516224..a3277f9d55f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 
 ### 🛡 Security
 
+- [CVE-2022-1537] Bump grunt from `1.5.2` to `1.5.3` ([#4276](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/4276))
 - [CVE-2022-25858] Bump terser from `4.8.0` to `4.8.1` ([#3726](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3726))
 - [CVE-2021-3765] Update `@microsoft/api-documenter` and `@microsoft/api-extractor` versions to bump validator from `8.2.0` to `13.9.0` ([#3725](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3725))
 
diff --git a/package.json b/package.json
index 468dfdbde18..b17fc29d5b1 100644
--- a/package.json
+++ b/package.json
@@ -417,7 +417,7 @@
     "fp-ts": "^2.3.1",
     "geckodriver": "^1.21.0",
     "getopts": "^2.2.5",
-    "grunt": "^1.5.2",
+    "grunt": "~1.5.3",
     "grunt-available-tasks": "^0.6.3",
     "grunt-cli": "^1.4.3",
     "grunt-contrib-watch": "^1.1.0",
diff --git a/packages/osd-ui-framework/package.json b/packages/osd-ui-framework/package.json
index d55a45a883b..2369edcde22 100644
--- a/packages/osd-ui-framework/package.json
+++ b/packages/osd-ui-framework/package.json
@@ -42,7 +42,7 @@
     "css-loader": "^3.4.2",
     "expose-loader": "^0.7.5",
     "file-loader": "^4.2.0",
-    "grunt": "^1.5.2",
+    "grunt": "~1.5.3",
     "grunt-babel": "^8.0.0",
     "grunt-contrib-clean": "^2.0.0",
     "grunt-contrib-copy": "^1.0.0",
diff --git a/yarn.lock b/yarn.lock
index 7f6bf4431ee..750d8ad21c4 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -10677,10 +10677,10 @@ grunt-run@^0.8.1:
   dependencies:
     strip-ansi "^3.0.0"
 
-grunt@^1.5.2:
-  version "1.5.2"
-  resolved "https://registry.yarnpkg.com/grunt/-/grunt-1.5.2.tgz#46b014e28d17c85baac19d5e891bb3f04923c098"
-  integrity sha512-XCtfaIu72OyDqK24MjWiGC9SwlkuhkS1mrULr1xzuJ2XqAFhP3ZAchZGHJeSCY6mkaOXU4F7SbmmCF7xIVoC9w==
+grunt@~1.5.3:
+  version "1.5.3"
+  resolved "https://registry.yarnpkg.com/grunt/-/grunt-1.5.3.tgz#3214101d11257b7e83cf2b38ea173b824deab76a"
+  integrity sha512-mKwmo4X2d8/4c/BmcOETHek675uOqw0RuA/zy12jaspWqvTp4+ZeQF1W+OTpcbncnaBsfbQJ6l0l4j+Sn/GmaQ==
   dependencies:
     dateformat "~3.0.3"
     eventemitter2 "~0.4.13"