From 7f292fb399af1632384c39b7b0ec3fc743389cc7 Mon Sep 17 00:00:00 2001
From: Manasvini B Suryanarayana
Date: Tue, 19 Mar 2024 14:51:13 -0700
Subject: [PATCH] Employ a patched version of hoek that addresses CVE-2020-36604 (#6148) (#6206)
Signed-off-by: Miki
(cherry picked from commit 8c4f49a2200bb4622aea3ff70bb7a8c96983af5d)
Co-authored-by: Miki
---
 package.json | 22 +++++++++++++---------
 yarn.lock | 8 ++++----
 2 files changed, 17 insertions(+), 13 deletions(-)
diff --git a/package.json b/package.json
index edc5211389e0..bdf58db3be06 100644
--- a/package.json
+++ b/package.json
@@ -82,34 +82,37 @@
 "url": "https://github.com/opensearch-project/opensearch-dashboards.git"
 },
 "resolutions": {
+ "**/@babel/traverse": "^7.23.2",
 "**/@types/node": "~18.7.0",
 "**/ansi-regex": "^5.0.1",
 "**/async": "^3.2.3",
 "**/d3-color": "^3.1.0",
 "**/flat": "^5.0.2",
 "**/elasticsearch/agentkeepalive": "^4.5.0",
+ "**/es5-ext": "^0.10.63",
 "**/follow-redirects": "^1.15.4",
 "**/glob-parent": "^6.0.0",
 "**/hoist-non-react-statics": "^3.3.2",
+ "**/jest-config": "npm:@amoo-miki/jest-config@27.5.1",
+ "**/jest-jasmine2": "npm:@amoo-miki/jest-jasmine2@27.5.1",
+ "**/joi/hoek": "npm:@amoo-miki/hoek@6.1.3",
 "**/json-schema": "^0.4.0",
 "**/kind-of": ">=6.0.3",
 "**/loader-utils": "^2.0.4",
 "**/node-jose": "^2.2.0",
 "**/nth-check": "^2.0.1",
 "**/qs": "^6.11.0",
+ "**/semver": "^7.5.3",
+ "**/set-value": "^4.1.0",
+ "**/topo/hoek": "npm:@amoo-miki/hoek@6.1.3",
 "**/trim": "^0.0.3",
 "**/typescript": "4.0.2",
 "**/unset-value": "^2.0.1",
 "**/minimatch": "^3.0.5",
- "**/jest-config": "npm:@amoo-miki/jest-config@27.5.1",
- "**/jest-jasmine2": "npm:@amoo-miki/jest-jasmine2@27.5.1",
- "**/semver": "^7.5.3",
- "**/set-value": "^4.1.0",
- "**/xml2js": "^0.5.0",
- "**/yaml": "^2.2.2",
 "**/eslint-plugin-mocha-next/mocha": "npm:mocha@^10.1.0",
- "**/@babel/traverse": "^7.23.2",
- "**/es5-ext": "^0.10.63"
+ "**/xml2js": "^0.5.0",
+ "**/yaml": "^2.2.2"
+
 },
 "workspaces": {
 "packages": [
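Review bot: The two new `hoek` resolutions, `"**/joi/hoek"` and `"**/topo/hoek"`, point at `npm:@amoo-miki/hoek@6.1.3`, a fork published under an individual's npm scope, and nothing in the visible change records which upstream commit it was built from or what the CVE-2020-36604 patch alters. package.json cannot hold a comment, so the commit description or changelog should name the fork's source repository and patch commit, so that the `integrity` value pinned in yarn.lock can be checked against a reproducible build. The patterns also only cover `hoek` reached through `joi` and `topo`; whether another dependent still resolves the unpatched package is not visible in this hunk and is worth confirming with `yarn why hoek`. The same hunk re-sorts unrelated entries and adds an empty line before the closing `},`, which makes the security-relevant lines harder to pick out in review; a separate commit for the reordering would keep the fix auditable.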
@@ -231,6 +234,7 @@
 "uuid": "3.3.2",
 "whatwg-fetch": "^3.0.0",
 "yauzl": "^2.10.0"
+
 },
 "devDependencies": {
 "@babel/core": "^7.22.9",
@@ -475,4 +479,4 @@
 "node": ">=14.20.1 <19",
 "yarn": "^1.22.10"
 }
-}
\ No newline at end of file
+}
diff --git a/yarn.lock b/yarn.lock
index e796784f6e08..af8d7748efa2 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -9863,10 +9863,10 @@ hmac-drbg@^1.0.1: minimalistic-assert "^1.0.0" minimalistic-crypto-utils "^1.0.1" -hoek@6.x.x: +hoek@6.x.x, "hoek@npm:@amoo-miki/hoek@6.1.3": version "6.1.3" - resolved "https://registry.yarnpkg.com/hoek/-/hoek-6.1.3.tgz#73b7d33952e01fe27a38b0457294b79dd8da242c" - integrity sha512-YXXAAhmF9zpQbC7LEcREFtXfGq5K1fmd+4PHkBq8NUqmzW3G+Dq10bI/i0KucLRwss3YYFQ0fSfoxBZYiGUqtQ== + resolved "https://registry.yarnpkg.com/@amoo-miki/hoek/-/hoek-6.1.3.tgz#621a8323985a52ae088bb38a29a06d74b73eec7e" + integrity sha512-NQRZo6rjCqAmh1Jyav6OUnHikHbluO3kIwhvnT5tPTic7OpxzgeLsWa5050+otYSL6Zy4ONuMC7WcIEXTQX49Q== hoist-non-react-statics@^3.0.0, hoist-non-react-statics@^3.1.0, hoist-non-react-statics@^3.3.0, hoist-non-react-statics@^3.3.2: version "3.3.2"
@@ -16821,7 +16821,7 @@ tar@^6.0.2, tar@^6.1.11: mkdirp "^1.0.3" yallist "^4.0.0" -tcp-port-used@^1.0.2: +tcp-port-used@^1.0.1: version "1.0.2" resolved "https://registry.yarnpkg.com/tcp-port-used/-/tcp-port-used-1.0.2.tgz#9652b7436eb1f4cfae111c79b558a25769f6faea" integrity sha512-l7ar8lLUD3XS1V2lfoJlCBaeoaWo/2xfYt81hM7VlvR4RrMVFqfmzfhLVk40hAb368uitje5gPtBRL1m/DGvLA==