From b99d05001fde8845b04e11a2bc81ab0a8b785433 Mon Sep 17 00:00:00 2001 From: Anan Zhuang Date: Mon, 19 Aug 2024 12:42:59 -0700 Subject: [PATCH] [1.3][CVE-2024-33883] Bump ejs from 3.1.7 to 3.1.10 (#7740) Issue Resolve: CVE-2024-33883 Signed-off-by: Anan Zhuang --- package.json | 2 +- packages/osd-plugin-generator/package.json | 2 +- yarn.lock | 13 +++++++++---- 3 files changed, 11 insertions(+), 6 deletions(-) diff --git a/package.json b/package.json index 56d7b2dfafaf..0d080cdfded0 100644 --- a/package.json +++ b/package.json @@ -92,7 +92,7 @@ "!chromedriver/**/axios": "^0.21.4", "chromedriver/**/axios": "^0.27.2", "chromedriver/**/debug": "^4.3.1", - "**/ejs": "^3.1.6", + "**/ejs": "^3.1.10", "**/express": "^4.19.2", "**/flat": "^5.0.2", "**/follow-redirects": "^1.15.6", diff --git a/packages/osd-plugin-generator/package.json b/packages/osd-plugin-generator/package.json index 79425727643e..f43e03954ae6 100644 --- a/packages/osd-plugin-generator/package.json +++ b/packages/osd-plugin-generator/package.json @@ -11,7 +11,7 @@ "dependencies": { "@osd/cross-platform": "1.0.0", "@osd/dev-utils": "1.0.0", - "ejs": "^3.1.7", + "ejs": "^3.1.10", "execa": "^4.0.2", "inquirer": "^7.3.3", "normalize-path": "^3.0.0", diff --git a/yarn.lock b/yarn.lock index 63f280e51f23..6348579d7ae9 100644 --- a/yarn.lock +++ b/yarn.lock @@ -8185,10 +8185,10 @@ ee-first@1.1.1: resolved "https://registry.yarnpkg.com/ee-first/-/ee-first-1.1.1.tgz#590c61156b0ae2f4f0255732a158b266bc56b21d" integrity sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0= -ejs@^2.6.1, ejs@^3.1.5, ejs@^3.1.6, ejs@^3.1.7: - version "3.1.7" - resolved "https://registry.yarnpkg.com/ejs/-/ejs-3.1.7.tgz#c544d9c7f715783dd92f0bddcf73a59e6962d006" - integrity sha512-BIar7R6abbUxDA3bfXrO4DSgwo8I+fB5/1zgujl3HLLjwd6+9iOnrT+t3grn2qbk9vOgBubXOFwX2m9axoFaGw== +ejs@^2.6.1, ejs@^3.1.10, ejs@^3.1.5: + version "3.1.10" + resolved "https://registry.yarnpkg.com/ejs/-/ejs-3.1.10.tgz#69ab8358b14e896f80cc39e62087b88500c3ac3b" + integrity sha512-UeJmFfOrAQS8OJWPZ4qtgHyWExa088/MtK5UEyoJGFH67cDEXkZSviOiKRCZ4Xij0zxI3JECgYs3oKx+AizQBA== dependencies: jake "^10.8.5" @@ -15049,6 +15049,11 @@ minipass@^3.0.0, minipass@^3.1.1: dependencies: yallist "^4.0.0" +minipass@^5.0.0: + version "5.0.0" + resolved "https://registry.yarnpkg.com/minipass/-/minipass-5.0.0.tgz#3e9788ffb90b694a5d0ec94479a45b5d8738133d" + integrity sha512-3FnjYuehv9k6ovOEbyOswadCDPX1piCfhV8ncmYtHOjuPwylVWsghTLo7rabjC3Rx5xD4HDx8Wm1xnMF7S5qFQ== + minizlib@^2.1.1: version "2.1.2" resolved "https://registry.yarnpkg.com/minizlib/-/minizlib-2.1.2.tgz#e90d3466ba209b932451508a11ce3d3632145931"