Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[CVE-2024-21538] Bump cross-spawn from 6.0.5 and 7.0.3 to 7.0.5 #508

Merged
merged 2 commits into from
Jan 30, 2025
Merged

[CVE-2024-21538] Bump cross-spawn from 6.0.5 and 7.0.3 to 7.0.5 #508

merged 2 commits into from
Jan 30, 2025

Conversation

sumukhswamy
Copy link
Contributor

@sumukhswamy sumukhswamy commented Jan 30, 2025
edited
Loading

Description

[ https://github.com/advisories/GHSA-3xgq-45jj-v275 ] Bump cross-spawn from 6.0.5 and 7.0.3 to 7.0.5

Issues Resolved

[List any issues this PR will resolve]

Check List

  • New functionality includes testing.
    • All tests pass, including unit test, integration test and doctest
  • New functionality has been documented.
    • New functionality has javadoc added
    • New functionality has user manual doc added
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

joshuali925
joshuali925 reviewed Jan 30, 2025
View reviewed changes
Copy link
Member

@joshuali925 joshuali925 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this still uses 7.0.3?

dashboards-reporting/yarn.lock

Lines 2232 to 2239 in aa01e88

cross-spawn@^7.0.0:
version "7.0.3"
resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-7.0.3.tgz#f73a85b9d5d41d045551c177e2882d4ac85728a6"
integrity sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==
dependencies:
path-key "^3.1.0"
shebang-command "^2.0.0"
which "^2.0.1"

@sumukhswamy
update yarn.lock
f6d48be 
Signed-off-by: sumukhswamy <[email protected]>
@joshuali925 joshuali925 merged commit 5528e20 into opensearch-project:main Jan 30, 2025
8 of 11 checks passed
opensearch-trigger-bot bot pushed a commit that referenced this pull request Jan 30, 2025
@github-actions
[CVE-2024-21538] Bump cross-spawn from 6.0.5 and 7.0.3 to 7.0.5 (#508)
be0c336 
Signed-off-by: sumukhswamy <[email protected]>
(cherry picked from commit 5528e20)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
@opensearch-trigger-bot opensearch-trigger-bot bot mentioned this pull request Jan 30, 2025
Merged
ritvibhatt pushed a commit to ritvibhatt/dashboards-reporting that referenced this pull request Jan 31, 2025
@sumukhswamy
[CVE-2024-21538] Bump cross-spawn from 6.0.5 and 7.0.3 to 7.0.5 (open…
91979c1 
…search-project#508)

Signed-off-by: sumukhswamy <[email protected]>
@ritvibhatt ritvibhatt mentioned this pull request Jan 31, 2025
Merged
6 tasks
joshuali925 pushed a commit that referenced this pull request Feb 3, 2025
@opensearch-trigger-bot @github-actions
[CVE-2024-21538] Bump cross-spawn from 6.0.5 and 7.0.3 to 7.0.5 (#508) (
71bae29 
#509)

(cherry picked from commit 5528e20)

Signed-off-by: sumukhswamy <[email protected]>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
joshuali925 pushed a commit that referenced this pull request Feb 3, 2025
@ritvibhatt @sumukhswamy
[CVE-2024-21538] Bump cross-spawn from 6.0.5 and 7.0.3 to 7.0.5 (#508) (
4fe3e81 
#510)

Signed-off-by: sumukhswamy <[email protected]>
Co-authored-by: Sumukh Swamy <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ps48 ps48 ps48 approved these changes

@joshuali925 joshuali925 joshuali925 approved these changes

@kavithacm kavithacm Awaiting requested review from kavithacm kavithacm is a code owner

@derek-ho derek-ho Awaiting requested review from derek-ho derek-ho is a code owner

@dai-chen dai-chen Awaiting requested review from dai-chen dai-chen is a code owner

@YANG-DB YANG-DB Awaiting requested review from YANG-DB YANG-DB is a code owner

@mengweieric mengweieric Awaiting requested review from mengweieric mengweieric is a code owner

@Swiddis Swiddis Awaiting requested review from Swiddis Swiddis is a code owner

@penghuo penghuo Awaiting requested review from penghuo penghuo is a code owner

@seankao-az seankao-az Awaiting requested review from seankao-az seankao-az is a code owner

@anirudha anirudha Awaiting requested review from anirudha anirudha is a code owner

Assignees
No one assigned
Labels
backport 2.x
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@sumukhswamy @ps48 @joshuali925