Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[CVE-2024-21538] Bump cross-spawn from 7.0.3 to 7.0.5 #421

Merged
merged 1 commit into from
Feb 5, 2025
Merged

[CVE-2024-21538] Bump cross-spawn from 7.0.3 to 7.0.5 #421

merged 1 commit into from
Feb 5, 2025

Conversation

SuZhou-Joe
Copy link
Member

@SuZhou-Joe SuZhou-Joe commented Feb 4, 2025
edited
Loading

Description

Bump cross-spawn inside lint-staged to 7.0.5

image

Issues Resolved

[List any issues this PR will resolve]

Check List

  • New functionality includes testing.
    • All tests pass, including unit test, integration test.
  • New functionality has user manual doc added.
  • Commits are signed per the DCO using --signoff.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@SuZhou-Joe SuZhou-Joe added backport 2.x Trigger the backport flow to 2.x v2.19.0 backport 2.19 labels Feb 4, 2025
@SuZhou-Joe SuZhou-Joe changed the title [CVE-2024-21538] Bump cross-spawn from 6.0.5 and 7.0.3 to 7.0.5 [CVE-2024-21538] Bump cross-spawn from 7.0.3 to 7.0.5 Feb 4, 2025
Hailong-am
Hailong-am reviewed Feb 5, 2025
View reviewed changes
package.json
@@ -43,6 +43,6 @@
"resolutions": {
"braces": "^3.0.3",
"micromatch": "^4.0.8",
"**/eslint/cross-spawn": "^7.0.5"
"cross-spawn": "^7.0.5"
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should we bump eslint version?

image

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We may introduce

  • version mismatch, OSD is using 6.8.0
  • breaking change

if we want to upgrade major version of eslint, I'd leave it until OSD bumps its eslint version.

@SuZhou-Joe SuZhou-Joe merged commit 7dbe2d7 into opensearch-project:main Feb 5, 2025
13 of 28 checks passed
opensearch-trigger-bot bot pushed a commit that referenced this pull request Feb 5, 2025
@github-actions
[CVE-2024-21538] Bump cross-spawn from 6.0.5 and 7.0.3 to 7.0.5 (#421)
1b3dd57 
Signed-off-by: SuZhou-Joe <[email protected]>
(cherry picked from commit 7dbe2d7)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
@opensearch-trigger-bot opensearch-trigger-bot bot mentioned this pull request Feb 5, 2025
Merged
opensearch-trigger-bot bot pushed a commit that referenced this pull request Feb 5, 2025
@github-actions
[CVE-2024-21538] Bump cross-spawn from 6.0.5 and 7.0.3 to 7.0.5 (#421)
d4b0cf2 
Signed-off-by: SuZhou-Joe <[email protected]>
(cherry picked from commit 7dbe2d7)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
@opensearch-trigger-bot opensearch-trigger-bot bot mentioned this pull request Feb 5, 2025
Merged
SuZhou-Joe pushed a commit that referenced this pull request Feb 5, 2025
@opensearch-trigger-bot @github-actions
[CVE-2024-21538] Bump cross-spawn from 6.0.5 and 7.0.3 to 7.0.5 (#421) (
9b73809 
#423)

(cherry picked from commit 7dbe2d7)

Signed-off-by: SuZhou-Joe <[email protected]>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
SuZhou-Joe pushed a commit that referenced this pull request Feb 5, 2025
@opensearch-trigger-bot @github-actions
[CVE-2024-21538] Bump cross-spawn from 6.0.5 and 7.0.3 to 7.0.5 (#421) (
621b7b9 
#424)

(cherry picked from commit 7dbe2d7)

Signed-off-by: SuZhou-Joe <[email protected]>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
hutiechuan pushed a commit to hutiechuan/dashboards-assistant that referenced this pull request Feb 6, 2025
@SuZhou-Joe
[CVE-2024-21538] Bump cross-spawn from 6.0.5 and 7.0.3 to 7.0.5 (open…
7ea0360 
…search-project#421)

Signed-off-by: SuZhou-Joe <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Hailong-am Hailong-am Hailong-am approved these changes

@lezzago lezzago Awaiting requested review from lezzago lezzago is a code owner

@joshuali925 joshuali925 Awaiting requested review from joshuali925 joshuali925 is a code owner

@anirudha anirudha Awaiting requested review from anirudha anirudha is a code owner

@ruanyl ruanyl Awaiting requested review from ruanyl ruanyl is a code owner

@xluo-aws xluo-aws Awaiting requested review from xluo-aws xluo-aws is a code owner

@gaobinlong gaobinlong Awaiting requested review from gaobinlong gaobinlong is a code owner

@wanglam wanglam Awaiting requested review from wanglam wanglam is a code owner

@raintygao raintygao Awaiting requested review from raintygao raintygao is a code owner

Assignees
No one assigned
Labels
backport 2.x Trigger the backport flow to 2.x backport 2.19 Skip-Changelog v2.19.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@SuZhou-Joe @Hailong-am