From 9d7c250434408452143176c9d89174f770cfdaf6 Mon Sep 17 00:00:00 2001
From: "opensearch-trigger-bot[bot]"
 <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com>
Date: Thu, 12 Sep 2024 17:44:26 -0700
Subject: [PATCH] [CVE-2017-16100] Use a patched version of `dns-sync` (#7811)
 (#8109) (#8145)

* [CVE-2017-16100] Use a patched version of `dns-sync`

* Changeset file for PR #7811 created/updated

---------

(cherry picked from commit dcd170aa7d6ee0d09bbd0f8d397a93e5a73d8f67)






(cherry picked from commit a8fca1c933fd9b639533530bb46942e10138d04a)

Signed-off-by: Miki <miki@amazon.com>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: opensearch-changeset-bot[bot] <154024398+opensearch-changeset-bot[bot]@users.noreply.github.com>
Co-authored-by: ZilongX <99905560+ZilongX@users.noreply.github.com>
---
 changelogs/fragments/7811.yml | 2 ++
 package.json                  | 2 +-
 yarn.lock                     | 8 ++++----
 3 files changed, 7 insertions(+), 5 deletions(-)
 create mode 100644 changelogs/fragments/7811.yml

diff --git a/changelogs/fragments/7811.yml b/changelogs/fragments/7811.yml
new file mode 100644
index 000000000000..059bd35d3d21
--- /dev/null
+++ b/changelogs/fragments/7811.yml
@@ -0,0 +1,2 @@
+security:
+- [CVE-2017-16100] Use a patched version for the `dns-sync` dependency ([#7811](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/7811))
\ No newline at end of file
diff --git a/package.json b/package.json
index 56bef8bb1c94..cd063f542fd8 100644
--- a/package.json
+++ b/package.json
@@ -193,7 +193,7 @@
     "core-js": "^3.6.5",
     "deep-freeze-strict": "^1.1.1",
     "del": "^6.1.1",
-    "dns-sync": "^0.2.1",
+    "dns-sync": "npm:@amoo-miki/dns-sync@^0.2.1",
     "elastic-apm-node": "^3.43.0",
     "elasticsearch": "^16.7.0",
     "execa": "^4.0.2",
diff --git a/yarn.lock b/yarn.lock
index f716abe35d7f..928303cd386f 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -7098,10 +7098,10 @@ discontinuous-range@1.0.0:
   resolved "https://registry.yarnpkg.com/discontinuous-range/-/discontinuous-range-1.0.0.tgz#e38331f0844bba49b9a9cb71c771585aab1bc65a"
   integrity sha1-44Mx8IRLukm5qctxx3FYWqsbxlo=
 
-dns-sync@^0.2.1:
-  version "0.2.1"
-  resolved "https://registry.yarnpkg.com/dns-sync/-/dns-sync-0.2.1.tgz#c519da400b90fa2e4a30a70030a1573330c72fa9"
-  integrity sha512-VB1pDSVs82kFsZuoHQ5/Ysx62WiIfDGn9sx/x55EoVyk8pLwdqWGB2XCaDDOusBllb+1y3XRijscFPJJfpbFiw==
+"dns-sync@npm:@amoo-miki/dns-sync@^0.2.1":
+  version "0.2.2"
+  resolved "https://registry.yarnpkg.com/@amoo-miki/dns-sync/-/dns-sync-0.2.2.tgz#e713eb46c3ddf6fde37e9453a31a4440ca45a8e7"
+  integrity sha512-GoWRmng1RpnFXrfITbAgfndTjvBgf438jRq1Q5m1Db9HfN9qR/TlRRcl7LXsvq+oS3iUzXyNECzoU62jHPilKw==
   dependencies:
     debug "^4"
     shelljs "~0.8"