From 4081cacdf1ea155f7b525b683cea2d296592595b Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Wed, 28 Jun 2023 23:50:36 +0000 Subject: [PATCH] [CVE-2022-1537][CVE-2022-0436][1.x]bump grunt from 1.4.1 to 1.5.3 (#3723) Main bump grunt via this PR: https://github.com/opensearch-project/OpenSearch-Dashboards/pull/1580 In 1.x, bump grunt is different because v1.5.3 requires node>=8 and no breaking changes. This is the latest version with no node conflicts. grunt requires node>=16 sincev1.6.0 . Therefore, we should be very specific and limit the bump range. Issue Resolve: https://github.com/opensearch-project/OpenSearch-Dashboards/issues/1579 https://github.com/opensearch-project/OpenSearch-Dashboards/issues/1450 Signed-off-by: Anan Zhuang Co-authored-by: Josh Romero (cherry picked from commit 65deacbe79825cddfac04ce653c3455d5578d371) Signed-off-by: github-actions[bot] # Conflicts: # CHANGELOG.md --- yarn.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/yarn.lock b/yarn.lock index 750d8ad21c4..1b521a5a15e 100644 --- a/yarn.lock +++ b/yarn.lock @@ -9603,7 +9603,7 @@ findup-sync@^4.0.0: findup-sync@~0.3.0: version "0.3.0" resolved "https://registry.yarnpkg.com/findup-sync/-/findup-sync-0.3.0.tgz#37930aa5d816b777c03445e1966cc6790a4c0b16" - integrity sha1-N5MKpdgWt3fANEXhlmzGeQpMCxY= + integrity sha512-z8Nrwhi6wzxNMIbxlrTzuUW6KWuKkogZ/7OdDVq+0+kxn77KUH1nipx8iU6suqkHqc4y6n7a9A8IpmxY/pTjWg== dependencies: glob "~5.0.0" @@ -10219,7 +10219,7 @@ glob@^7.0.0, glob@^7.0.3, glob@^7.1.1, glob@^7.1.2, glob@^7.1.3, glob@^7.1.4, gl glob@~5.0.0: version "5.0.15" resolved "https://registry.yarnpkg.com/glob/-/glob-5.0.15.tgz#1bc936b9e02f4a603fcc222ecf7633d30b8b93b1" - integrity sha1-G8k2ueAvSmA/zCIuz3Yz0wuLk7E= + integrity sha512-c9IPMazfRITpmAAKi22dK1VKxGDX9ehhqfABDriL/lzO92xcUKEJPQHrVA/2YHSNFB4iFlykVmWvwo48nr3OxA== dependencies: inflight "^1.0.4" inherits "2"