From 5e19749ec40230316ba2688c38e5c62f74ddb71d Mon Sep 17 00:00:00 2001
From: Anan Zhuang <ananzh@amazon.com>
Date: Tue, 2 Jul 2024 12:49:32 -0700
Subject: [PATCH] [CVE-2024-37890] Bump ws from `8.5.0` to `8.17.1` and from
 `7.5.7` to `7.5.10` (#7153)

* Bump ws from 8.5.0 to 8.17.1 and from 7.5.7 to 7.5.10

Signed-off-by: Anan Zhuang <ananzh@amazon.com>

* Changeset file for PR #7153 created/updated

---------

Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Co-authored-by: opensearch-changeset-bot[bot] <154024398+opensearch-changeset-bot[bot]@users.noreply.github.com>
Co-authored-by: ZilongX <99905560+ZilongX@users.noreply.github.com>
---
 changelogs/fragments/7153.yml |  2 ++
 yarn.lock                     | 12 ++++++------
 2 files changed, 8 insertions(+), 6 deletions(-)
 create mode 100644 changelogs/fragments/7153.yml

diff --git a/changelogs/fragments/7153.yml b/changelogs/fragments/7153.yml
new file mode 100644
index 00000000000..0d54f481e2c
--- /dev/null
+++ b/changelogs/fragments/7153.yml
@@ -0,0 +1,2 @@
+security:
+- [CVE-2024-37890] Bump ws from `8.5.0` to `8.17.1` and from `7.5.7` to `7.5.10` ([#7153](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/7153))
\ No newline at end of file
diff --git a/yarn.lock b/yarn.lock
index 52c3f070e45..2e7f87cc20e 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -18877,14 +18877,14 @@ write@1.0.3:
     mkdirp "^0.5.1"
 
 ws@^7.4.6:
-  version "7.5.7"
-  resolved "https://registry.yarnpkg.com/ws/-/ws-7.5.7.tgz#9e0ac77ee50af70d58326ecff7e85eb3fa375e67"
-  integrity sha512-KMvVuFzpKBuiIXW3E4u3mySRO2/mCHSyZDJQM5NQ9Q9KHWHWh0NHgfbRMLLrceUK5qAL4ytALJbpRMjixFZh8A==
+  version "7.5.10"
+  resolved "https://registry.yarnpkg.com/ws/-/ws-7.5.10.tgz#58b5c20dc281633f6c19113f39b349bd8bd558d9"
+  integrity sha512-+dbF1tHwZpXcbOJdVOkzLDxZP1ailvSxM6ZweXTegylPny803bFhA+vqBYw4s31NSAk4S2Qz+AKXK9a4wkdjcQ==
 
 ws@^8.0.0:
-  version "8.5.0"
-  resolved "https://registry.yarnpkg.com/ws/-/ws-8.5.0.tgz#bfb4be96600757fe5382de12c670dab984a1ed4f"
-  integrity sha512-BWX0SWVgLPzYwF8lTzEy1egjhS4S4OEAHfsO8o65WOVsrnSRGaSiUaa9e0ggGlkMTtBlmOpEXiie9RUcBO86qg==
+  version "8.17.1"
+  resolved "https://registry.yarnpkg.com/ws/-/ws-8.17.1.tgz#9293da530bb548febc95371d90f9c878727d919b"
+  integrity sha512-6XQFvXTkbfUOZOKKILFG1PDK2NDQs4azKQl26T0YS5CxqWLgXajbPZ+h4gZekJyRqFU8pvnbAbbs/3TgRPy+GQ==
 
 x-is-string@^0.1.0:
   version "0.1.0"