From ba2f9ca82dba799fb11e53761a2ef913ddd52c03 Mon Sep 17 00:00:00 2001
From: Anan Zhuang <ananzh@amazon.com>
Date: Thu, 30 Mar 2023 03:48:32 +0000
Subject: [PATCH] [CVE-2022-25851][1.x] Bump jpeg-js from 0.4.1 to 0.4.4

Issue Resolve
https://github.com/opensearch-project/OpenSearch-Dashboards/issues/1725

Backport PR
https://github.com/opensearch-project/OpenSearch-Dashboards/pull/1753

Signed-off-by: Anan Zhuang <ananzh@amazon.com>
---
 CHANGELOG.md | 2 ++
 yarn.lock    | 6 +++---
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index ee3e300b611f..10fffd88df7a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,8 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 
 ### 🛡 Security
 
+- [CVE-2022-25851] Bump jpeg-js from `0.4.1` to `0.4.4` ([#3741](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3741))
+
 ### 📈 Features/Enhancements
 
 - [Optimizer] Increase timeout waiting for the exiting of an optimizer worker ([#3193](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3193))
diff --git a/yarn.lock b/yarn.lock
index a7245bc6235d..683a3886c837 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -13239,9 +13239,9 @@ joi@13.x.x, joi@^13.5.2:
     topo "3.x.x"
 
 jpeg-js@^0.4.0:
-  version "0.4.1"
-  resolved "https://registry.yarnpkg.com/jpeg-js/-/jpeg-js-0.4.1.tgz#937a3ae911eb6427f151760f8123f04c8bfe6ef7"
-  integrity sha512-jA55yJiB5tCXEddos8JBbvW+IMrqY0y1tjjx9KNVtA+QPmu7ND5j0zkKopClpUTsaETL135uOM2XfcYG4XRjmw==
+  version "0.4.4"
+  resolved "https://registry.yarnpkg.com/jpeg-js/-/jpeg-js-0.4.4.tgz#a9f1c6f1f9f0fa80cdb3484ed9635054d28936aa"
+  integrity sha512-WZzeDOEtTOBK4Mdsar0IqEU5sMr3vSV2RqkAIzUEV2BHnUfKGyswWFPFwK5EeDo93K3FohSHbLAjj0s1Wzd+dg==
 
 jquery@^3.5.0:
   version "3.5.0"