[2.11][Security] Bump all babel dependencies from 7.16.x to 7.22.9 (#5428) #5482

Closed
wants to merge 1 commit into from

ananzh
Member

@ananzh ananzh commented Nov 15, 2023

Description

  • chore: Bump all babel dependencies from 7.16.x to 7.22.9

Update proposal plugins to their transform equivalents

Issue Resolve

CVE-2023-45133

Backport PR

#5428

Check List

  • All tests pass
    • yarn test:jest
    • yarn test:jest_integration
  • New functionality includes testing.
  • New functionality has been documented.
  • Update CHANGELOG.md
  • Commits are signed per the DCO using --signoff


codecov bot commented Nov 16, 2023

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (034aa49) 66.79% compared to head (fe94406) 66.97%.

Additional details and impacted files
@@            Coverage Diff             @@
##             2.11    #5482      +/-   ##
==========================================
+ Coverage   66.79%   66.97%   +0.18%     
==========================================
  Files        3284     3284              
  Lines       63167    63236      +69     
  Branches    10048    10048              
==========================================
+ Hits        42190    42355     +165     
+ Misses      18469    18444      -25     
+ Partials     2508     2437      -71     
Flag Coverage Δ
Linux_1 35.25% <ø> (-0.01%) ⬇️
Linux_2 55.09% <ø> (?)
Linux_3 43.84% <ø> (?)
Linux_4 35.48% <ø> (?)
Windows_1 35.27% <ø> (+<0.01%) ⬆️
Windows_2 55.06% <ø> (-0.13%) ⬇️
Windows_3 43.85% <ø> (+<0.01%) ⬆️
Windows_4 35.48% <ø> (+<0.01%) ⬆️


opensearch-project#5428)

* chore: Bump all babel dependencies from `7.16.x` to `7.22.9`

Update proposal plugins to their transform equivalents

Resolves CVE-2023-45133

Backport PR
opensearch-project#5428

---------

Signed-off-by: Josh Romero <rmerqg@amazon.com>
Signed-off-by: Miki <miki@amazon.com>
@AMoo-Miki AMoo-Miki added the v2.11.1 Issues targeting release v2.11.1 label Nov 16, 2023
@AMoo-Miki
Collaborator

AMoo-Miki commented Nov 16, 2023

I see evidence that this might cause some conflicts with plugins. Before merging in, let's make sure there are none.

Note: https://github.com/opensearch-project/alerting-dashboards-plugin/blob/2.11/package.json#L34 will conflict with this PR.

Additionally, this is not needed to resolve the CVE as the current yarn.lock uses a safe version of @babel/traverse.
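The kind of lockfile check the comment above refers to, as an added example that is not part of this PR or the project's code: it lists every version a `yarn.lock` (v1 format) resolves for a package and flags entries below a minimum. The lockfile text and the `MIN_SAFE` threshold are constructed placeholders and the function names are hypothetical; the real patched version comes from the CVE-2023-45133 advisory.

```javascript
// Added example. SAMPLE_LOCK is a constructed lockfile, not the project's yarn.lock.
const SAMPLE_LOCK = [
  '# yarn lockfile v1',
  '',
  '"@babel/core@^7.16.0":',
  '  version "7.16.5"',
  '  dependencies:',
  '    "@babel/traverse" "^7.16.5"',
  '',
  '"@babel/traverse@^7.16.0", "@babel/traverse@^7.16.5":',
  '  version "7.16.5"',
  '',
  '"@babel/traverse@^7.22.8":',
  '  version "7.30.1"',
].join('\n');
const MIN_SAFE = '7.20.0'; // placeholder: substitute the patched version from the advisory

// Compare plain x.y.z versions numerically (pre-release tags ignored): <0, 0 or >0.
function compareVersions(a, b) {
  const [pa, pb] = [a, b].map((v) => v.split('-')[0].split('.').map(Number));
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) - (pb[i] || 0);
  }
  return 0;
}

// Return { specifiers, version } for every lockfile entry that resolves `pkg`.
function resolvedVersions(lockText, pkg) {
  const found = [];
  let current = null;
  for (const line of lockText.split(/\r?\n/)) {
    if (/^[^\s#]/.test(line) && line.endsWith(':')) {
      // Entry header: comma-separated, optionally quoted "name@range" specifiers.
      const specs = line.slice(0, -1).split(',').map((s) => s.trim().replace(/^"|"$/g, ''));
      const mine = specs.filter((s) => s.slice(0, s.lastIndexOf('@')) === pkg);
      current = mine.length ? { specifiers: mine, version: null } : null;
      if (current) found.push(current);
    } else if (current) {
      // Only the entry's own two-space "version" line counts, not nested dependency lines.
      const m = /^  version "([^"]+)"$/.exec(line);
      if (m) current.version = m[1];
    }
  }
  return found;
}

// Entries resolved below `minSafe`, or with no version line at all.
function belowMinimum(lockText, pkg, minSafe) {
  return resolvedVersions(lockText, pkg).filter((e) => !e.version || compareVersions(e.version, minSafe) < 0);
}
```

A lockfile can resolve the same package under several ranges, so every entry has to clear the threshold, not only the first one found.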

@AMoo-Miki
Collaborator

Spoke to Josh. Holding this from 2.11.1.
