[Backport 1.x][CVE] Bump loader-utils to 2.0.3 to fix CVE-2022-37601 #2707

Merged

ZilongX
Collaborator

@ZilongX ZilongX commented Nov 1, 2022

Signed-off-by: Zilong Xia <zilongx@amazon.com>

Description

Issues Resolved

Resolves #2560
Resolves #2612

Check List

  • All tests pass
    • yarn test:jest
    • yarn test:jest_integration
    • yarn test:ftr
  • New functionality includes testing.
  • New functionality has been documented.
  • Update CHANGELOG.md
  • Commits are signed per the DCO using --signoff

Signed-off-by: Zilong Xia <zilongx@amazon.com>
@ZilongX ZilongX added cve Security vulnerabilities detected by Dependabot or Mend Mend: dependency security vulnerability Security vulnerability detected by Mend v1.3.7 labels Nov 1, 2022
@ZilongX ZilongX requested a review from a team November 1, 2022 03:45
@zhongnansu zhongnansu merged commit b8f6040 into opensearch-project:1.x Nov 1, 2022
@ZilongX ZilongX deleted the backport-1.x-loader-utils branch November 1, 2022 16:30
@ashwin-pc ashwin-pc changed the title [Backport 1.x] Bump loader-utils to 2.0.3 to fix CVE-2022-37601 [Backport 1.x][CVE] Bump loader-utils to 2.0.3 to fix CVE-2022-37601 Nov 4, 2022
@opensearch-trigger-bot
Contributor

The backport to 1.3 failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-1.3 1.3
# Navigate to the new working tree
cd .worktrees/backport-1.3
# Create a new branch
git switch --create backport/backport-2707-to-1.3
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 b8f6040e83bc5291f25c983187d04e2516986b48
# Push it to GitHub
git push --set-upstream origin backport/backport-2707-to-1.3
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-1.3

Then, create a pull request where the base branch is 1.3 and the compare/head branch is backport/backport-2707-to-1.3.

joshuarrrr pushed a commit to joshuarrrr/OpenSearch-Dashboards that referenced this pull request Nov 29, 2022
…search-project#2707)

Signed-off-by: Zilong Xia <zilongx@amazon.com>
(cherry picked from commit b8f6040)
joshuarrrr pushed a commit to joshuarrrr/OpenSearch-Dashboards that referenced this pull request Nov 30, 2022
…search-project#2707)

Signed-off-by: Zilong Xia <zilongx@amazon.com>
(cherry picked from commit b8f6040)
joshuarrrr pushed a commit to joshuarrrr/OpenSearch-Dashboards that referenced this pull request Nov 30, 2022
…search-project#2707)

Signed-off-by: Zilong Xia <zilongx@amazon.com>
(cherry picked from commit b8f6040)
joshuarrrr added a commit that referenced this pull request Dec 1, 2022
… (#2953)

Signed-off-by: Zilong Xia <zilongx@amazon.com>
(cherry picked from commit b8f6040)
Labels
backport 1.3 cve Security vulnerabilities detected by Dependabot or Mend Mend: dependency security vulnerability Security vulnerability detected by Mend v1.3.7