[2.11][Security] Bump all babel dependencies from 7.16.x to 7.22.9 (#5428)

CHANGELOG.md

@@ -11,6 +11,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - Bump version of tinygradient from 0.4.3 to 1.1.5 ([#4742](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/4742))
 - Bump lmdb from 2.8.0 to 2.8.5 ([#4804](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/4804))
 - Alias and bump mocha ([#4874](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/4874))
+- [CVE-2023-45133] Bump all babel dependencies from `7.16.x` to `7.22.9` to fix upstream vulnerability ([#5428](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/5428))
 
 ### 📈 Features/Enhancements
 - [Vis colors] Update legacy mapped colors in charts plugin to use ouiPaletteColorBlind() ([#4398](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/4398))

package.json

@@ -230,10 +230,10 @@
     "yauzl": "^2.10.0"
   },
   "devDependencies": {
-    "@babel/core": "^7.16.5",
-    "@babel/parser": "^7.16.6",
-    "@babel/register": "^7.16.5",
-    "@babel/types": "^7.16.0",
+    "@babel/core": "^7.22.9",
+    "@babel/parser": "^7.22.9",
+    "@babel/register": "^7.22.9",
+    "@babel/types": "^7.22.9",
     "@elastic/apm-rum": "^5.6.1",
     "@elastic/charts": "31.1.0",
     "@elastic/ems-client": "7.10.0",

packages/osd-analytics/babel.config.js

@@ -30,7 +30,7 @@
 
 // We can't use common OpenSearch Dashboards presets here because of babel versions incompatibility
 module.exports = {
-  plugins: ['@babel/plugin-proposal-class-properties'],
+  plugins: ['@babel/plugin-transform-class-properties'],
   env: {
     web: {
       presets: ['@osd/babel-preset/webpack_preset'],

packages/osd-analytics/package.json

@@ -14,7 +14,7 @@
     "osd:watch": "../../scripts/use_node scripts/build --source-maps --watch"
   },
   "devDependencies": {
-    "@babel/cli": "^7.16.0",
+    "@babel/cli": "^7.22.9",
     "@osd/dev-utils": "1.0.0",
     "@osd/babel-preset": "1.0.0",
     "typescript": "4.0.2"

packages/osd-babel-preset/common_preset.js

@@ -29,30 +29,23 @@
  */
 
 const plugins = [
+  '@babel/plugin-transform-class-properties',
+  '@babel/plugin-transform-private-methods',
   require.resolve('babel-plugin-add-module-exports'),
 
-  // The class properties proposal was merged with the private fields proposal
-  // into the "class fields" proposal which is stage 3.
-  // See https://github.com/babel/proposals/issues/12 for progress
-  require.resolve('@babel/plugin-proposal-class-properties'),
-
   // Optional Chaining proposal is stage 4 (https://github.com/tc39/proposal-optional-chaining)
   // Need this since we are using TypeScript 3.7+
-  require.resolve('@babel/plugin-proposal-optional-chaining'),
+  require.resolve('@babel/plugin-transform-optional-chaining'),
   // Nullish coalescing proposal is stage 4 (https://github.com/tc39/proposal-nullish-coalescing)
   // Need this since we are using TypeScript 3.7+
-  require.resolve('@babel/plugin-proposal-nullish-coalescing-operator'),
+  require.resolve('@babel/plugin-transform-nullish-coalescing-operator'),
 
   // Proposal is merged into ECMA-262 (https://github.com/tc39/proposal-export-ns-from)
   // Need this since we are using TypeScript 3.8+
-  require.resolve('@babel/plugin-proposal-export-namespace-from'),
-
-  // Proposal is merged into ECMA-262 (https://github.com/tc39/proposal-export-ns-from)
-  // Need this since we are using TypeScript 3.9+
-  require.resolve('@babel/plugin-proposal-private-methods'),
+  require.resolve('@babel/plugin-transform-export-namespace-from'),
 
   // Proposal is on stage 4 (https://github.com/tc39/proposal-logical-assignment)
-  require.resolve('@babel/plugin-proposal-logical-assignment-operators'),
+  require.resolve('@babel/plugin-transform-logical-assignment-operators'),
 ];
 
 module.exports = {

packages/osd-babel-preset/package.json

@@ -7,15 +7,13 @@
     "devOnly": true
   },
   "dependencies": {
-    "@babel/plugin-proposal-class-properties": "^7.16.5",
-    "@babel/plugin-proposal-export-namespace-from": "^7.16.5",
-    "@babel/plugin-proposal-logical-assignment-operators": "^7.16.5",
-    "@babel/plugin-proposal-nullish-coalescing-operator": "^7.16.5",
-    "@babel/plugin-proposal-optional-chaining": "^7.16.5",
-    "@babel/plugin-proposal-private-methods": "^7.16.5",
-    "@babel/preset-env": "^7.16.5",
-    "@babel/preset-react": "^7.16.5",
-    "@babel/preset-typescript": "^7.16.5",
+    "@babel/plugin-transform-export-namespace-from": "^7.22.9",
+    "@babel/plugin-transform-logical-assignment-operators": "^7.22.9",
+    "@babel/plugin-transform-nullish-coalescing-operator": "^7.22.9",
+    "@babel/plugin-transform-optional-chaining": "^7.22.9",
+    "@babel/preset-env": "^7.22.9",
+    "@babel/preset-react": "^7.22.9",
+    "@babel/preset-typescript": "^7.22.9",
     "babel-plugin-add-module-exports": "^1.0.4",
     "babel-plugin-styled-components": "^2.0.2",
     "babel-plugin-transform-react-remove-prop-types": "^0.4.24",

packages/osd-dev-utils/package.json

@@ -13,7 +13,7 @@
     "devOnly": true
   },
   "dependencies": {
-    "@babel/core": "^7.16.5",
+    "@babel/core": "^7.22.9",
     "@osd/utils": "1.0.0",
     "axios": "^0.27.2",
     "chalk": "^4.1.0",

packages/osd-i18n/package.json

@@ -7,8 +7,8 @@
   "license": "Apache-2.0",
   "private": true,
   "devDependencies": {
-    "@babel/cli": "^7.16.0",
-    "@babel/core": "^7.16.5",
+    "@babel/cli": "^7.22.9",
+    "@babel/core": "^7.22.9",
     "@osd/babel-preset": "1.0.0",
     "@osd/dev-utils": "1.0.0",
     "@types/intl-relativeformat": "^2.1.0",

packages/osd-interpreter/package.json

@@ -9,16 +9,16 @@
     "osd:watch": "../../scripts/use_node scripts/build --dev --watch"
   },
   "dependencies": {
-    "@babel/runtime": "^7.16.5",
+    "@babel/runtime": "^7.22.9",
     "@osd/i18n": "1.0.0",
     "lodash": "^4.17.21",
     "uuid": "3.3.2"
   },
   "devDependencies": {
-    "@babel/cli": "^7.16.0",
-    "@babel/core": "^7.16.5",
-    "@babel/plugin-transform-modules-commonjs": "^7.16.5",
-    "@babel/plugin-transform-runtime": "^7.16.5",
+    "@babel/cli": "^7.22.9",
+    "@babel/core": "^7.22.9",
+    "@babel/plugin-transform-modules-commonjs": "^7.22.9",
+    "@babel/plugin-transform-runtime": "^7.22.9",
     "@osd/babel-preset": "1.0.0",
     "@osd/dev-utils": "1.0.0",
     "babel-loader": "^8.2.3",

packages/osd-opensearch/package.json

@@ -29,7 +29,7 @@
   },
   "devDependencies": {
     "@osd/babel-preset": "1.0.0",
-    "@babel/cli": "^7.16.0",
+    "@babel/cli": "^7.22.9",
     "del": "^6.1.1"
   }
 }

packages/osd-optimizer/package.json

@@ -10,8 +10,8 @@
     "osd:watch": "yarn build --watch"
   },
   "dependencies": {
-    "@babel/cli": "^7.16.0",
-    "@babel/core": "^7.16.5",
+    "@babel/cli": "^7.22.9",
+    "@babel/core": "^7.22.9",
     "@osd/babel-preset": "1.0.0",
     "@osd/cross-platform": "1.0.0",
     "@osd/dev-utils": "1.0.0",

packages/osd-pm/package.json

@@ -13,11 +13,9 @@
     "prettier": "prettier --write './src/**/*.ts'"
   },
   "devDependencies": {
-    "@babel/core": "^7.16.5",
-    "@babel/plugin-proposal-class-properties": "^7.16.5",
-    "@babel/plugin-proposal-object-rest-spread": "^7.16.5",
-    "@babel/preset-env": "^7.16.5",
-    "@babel/preset-typescript": "^7.16.5",
+    "@babel/core": "^7.22.9",
+    "@babel/preset-env": "^7.22.9",
+    "@babel/preset-typescript": "^7.22.9",
     "@node-rs/xxhash": "^1.3.0",
     "@osd/babel-preset": "1.0.0",
     "@osd/dev-utils": "1.0.0",

packages/osd-test/package.json

@@ -13,7 +13,7 @@
     "devOnly": true
   },
   "devDependencies": {
-    "@babel/cli": "^7.16.0",
+    "@babel/cli": "^7.22.9",
     "@osd/babel-preset": "1.0.0",
     "@osd/dev-utils": "1.0.0",
     "@osd/utils": "1.0.0",