Employ a patched version of hoek that addresses CVE-2020-36604 (opens…

…earch-project#6148) (opensearch-project#6206) Signed-off-by: Miki <[email protected]> (cherry picked from commit 8c4f49a) Co-authored-by: Miki <[email protected]>
xinruiba · Mar 19, 2024 · 7f292fb · 7f292fb
1 parent 096a26f
commit 7f292fb
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 13 deletions.
diff --git a/package.json b/package.json
@@ -82,34 +82,37 @@
     "url": "https://github.com/opensearch-project/opensearch-dashboards.git"
   },
   "resolutions": {
+    "**/@babel/traverse": "^7.23.2",
     "**/@types/node": "~18.7.0",
     "**/ansi-regex": "^5.0.1",
     "**/async": "^3.2.3",
     "**/d3-color": "^3.1.0",
     "**/flat": "^5.0.2",
     "**/elasticsearch/agentkeepalive": "^4.5.0",
+    "**/es5-ext": "^0.10.63",
     "**/follow-redirects": "^1.15.4",
     "**/glob-parent": "^6.0.0",
     "**/hoist-non-react-statics": "^3.3.2",
+    "**/jest-config": "npm:@amoo-miki/[email protected]",
+    "**/jest-jasmine2": "npm:@amoo-miki/[email protected]",
+    "**/joi/hoek": "npm:@amoo-miki/[email protected]",
     "**/json-schema": "^0.4.0",
     "**/kind-of": ">=6.0.3",
     "**/loader-utils": "^2.0.4",
     "**/node-jose": "^2.2.0",
     "**/nth-check": "^2.0.1",
     "**/qs": "^6.11.0",
+    "**/semver": "^7.5.3",
+    "**/set-value": "^4.1.0",
+    "**/topo/hoek": "npm:@amoo-miki/[email protected]",
     "**/trim": "^0.0.3",
     "**/typescript": "4.0.2",
     "**/unset-value": "^2.0.1",
     "**/minimatch": "^3.0.5",
-    "**/jest-config": "npm:@amoo-miki/[email protected]",
-    "**/jest-jasmine2": "npm:@amoo-miki/[email protected]",
-    "**/semver": "^7.5.3",
-    "**/set-value": "^4.1.0",
-    "**/xml2js": "^0.5.0",
-    "**/yaml": "^2.2.2",
     "**/eslint-plugin-mocha-next/mocha": "npm:mocha@^10.1.0",
-    "**/@babel/traverse": "^7.23.2",
-    "**/es5-ext": "^0.10.63"
+    "**/xml2js": "^0.5.0",
+    "**/yaml": "^2.2.2"
+
   },
   "workspaces": {
     "packages": [
@@ -231,6 +234,7 @@
     "uuid": "3.3.2",
     "whatwg-fetch": "^3.0.0",
     "yauzl": "^2.10.0"
+
   },
   "devDependencies": {
     "@babel/core": "^7.22.9",
@@ -475,4 +479,4 @@
     "node": ">=14.20.1 <19",
     "yarn": "^1.22.10"
   }
-}
+}
diff --git a/yarn.lock b/yarn.lock
@@ -9863,10 +9863,10 @@ hmac-drbg@^1.0.1:
     minimalistic-assert "^1.0.0"
     minimalistic-crypto-utils "^1.0.1"
 
-[email protected]:
+[email protected], "hoek@npm:@amoo-miki/[email protected]":
   version "6.1.3"
-  resolved "https://registry.yarnpkg.com/hoek/-/hoek-6.1.3.tgz#73b7d33952e01fe27a38b0457294b79dd8da242c"
-  integrity sha512-YXXAAhmF9zpQbC7LEcREFtXfGq5K1fmd+4PHkBq8NUqmzW3G+Dq10bI/i0KucLRwss3YYFQ0fSfoxBZYiGUqtQ==
+  resolved "https://registry.yarnpkg.com/@amoo-miki/hoek/-/hoek-6.1.3.tgz#621a8323985a52ae088bb38a29a06d74b73eec7e"
+  integrity sha512-NQRZo6rjCqAmh1Jyav6OUnHikHbluO3kIwhvnT5tPTic7OpxzgeLsWa5050+otYSL6Zy4ONuMC7WcIEXTQX49Q==
 
 hoist-non-react-statics@^3.0.0, hoist-non-react-statics@^3.1.0, hoist-non-react-statics@^3.3.0, hoist-non-react-statics@^3.3.2:
   version "3.3.2"
@@ -16821,7 +16821,7 @@ tar@^6.0.2, tar@^6.1.11:
     mkdirp "^1.0.3"
     yallist "^4.0.0"
 
-tcp-port-used@^1.0.2:
+tcp-port-used@^1.0.1:
   version "1.0.2"
   resolved "https://registry.yarnpkg.com/tcp-port-used/-/tcp-port-used-1.0.2.tgz#9652b7436eb1f4cfae111c79b558a25769f6faea"
   integrity sha512-l7ar8lLUD3XS1V2lfoJlCBaeoaWo/2xfYt81hM7VlvR4RrMVFqfmzfhLVk40hAb368uitje5gPtBRL1m/DGvLA==