From e6ca8c45745ae204dfadac87a7cab062a74fb3d5 Mon Sep 17 00:00:00 2001 From: "opensearch-trigger-bot[bot]" <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com> Date: Thu, 18 May 2023 11:30:47 -0700 Subject: [PATCH] Bump highlight.js from 9.18.5 to 10.7.3 to solve security concerns (#4045) (#4062) (cherry picked from commit d71c377ad8ae4d48579dff32d63de5e9679479b1) Signed-off-by: ananzh Signed-off-by: github-actions[bot] Co-authored-by: github-actions[bot] --- package.json | 2 +- packages/osd-ui-framework/package.json | 2 +- yarn.lock | 20 +++++--------------- 3 files changed, 7 insertions(+), 17 deletions(-) diff --git a/package.json b/package.json index c4b70eb3c9f..468dfdbde18 100644 --- a/package.json +++ b/package.json @@ -96,6 +96,7 @@ "**/follow-redirects": "^1.15.2", "**/front-matter": "^4.0.2", "**/glob-parent": "^6.0.2", + "**/highlight.js": "^10.4.1", "**/hoist-non-react-statics": "^3.3.2", "**/immer": "^8.0.1", "**/istanbul-instrumenter-loader/schema-utils": "^1.0.0", @@ -116,7 +117,6 @@ "**/prismjs": "^1.23.0", "**/qs": "^6.11.0", "**/react-syntax-highlighter": "^15.3.1", - "**/react-syntax-highlighter/**/highlight.js": "^10.4.1", "**/request": "^2.88.2", "**/shelljs": "0.8.5", "**/scss-tokenizer": "^0.4.3", diff --git a/packages/osd-ui-framework/package.json b/packages/osd-ui-framework/package.json index e5c90297315..d55a45a883b 100644 --- a/packages/osd-ui-framework/package.json +++ b/packages/osd-ui-framework/package.json @@ -46,7 +46,7 @@ "grunt-babel": "^8.0.0", "grunt-contrib-clean": "^2.0.0", "grunt-contrib-copy": "^1.0.0", - "highlight.js": "^9.18.5", + "highlight.js": "^10.4.1", "html": "1.0.0", "html-loader": "^0.5.5", "imports-loader": "^0.8.0", diff --git a/yarn.lock b/yarn.lock index a59a95a6b00..7f6bf4431ee 100644 --- a/yarn.lock +++ b/yarn.lock @@ -10142,7 +10142,7 @@ glob-all@^3.2.1: glob "^7.1.2" yargs "^15.3.1" -glob-parent@^3.1.0, glob-parent@^5.0.0, glob-parent@^5.1.0, glob-parent@^5.1.1, glob-parent@^5.1.2, glob-parent@^6.0.1, glob-parent@~5.1.0, glob-parent@~5.1.2: +glob-parent@^3.1.0, glob-parent@^5.0.0, glob-parent@^5.1.0, glob-parent@^5.1.1, glob-parent@^5.1.2, glob-parent@^6.0.2, glob-parent@~5.1.0, glob-parent@~5.1.2: version "6.0.2" resolved "https://registry.yarnpkg.com/glob-parent/-/glob-parent-6.0.2.tgz#6d237d99083950c79290f24c7642a3de9a28f9e3" integrity sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A== @@ -11093,20 +11093,10 @@ hexoid@^1.0.0: resolved "https://registry.yarnpkg.com/hexoid/-/hexoid-1.0.0.tgz#ad10c6573fb907de23d9ec63a711267d9dc9bc18" integrity sha512-QFLV0taWQOZtvIRIAdBChesmogZrtuXvVWsFHZTk2SU+anspqZ2vMnoLg7IE1+Uk16N19APic1BuF8bC8c2m5g== -highlight.js@^10.4.1, highlight.js@~10.7.0: - version "10.7.2" - resolved "https://registry.yarnpkg.com/highlight.js/-/highlight.js-10.7.2.tgz#89319b861edc66c48854ed1e6da21ea89f847360" - integrity sha512-oFLl873u4usRM9K63j4ME9u3etNF0PLiJhSQ8rdfuL51Wn3zkD6drf9ZW0dOzjnZI22YYG24z30JcmfCZjMgYg== - -highlight.js@^9.18.5: - version "9.18.5" - resolved "https://registry.yarnpkg.com/highlight.js/-/highlight.js-9.18.5.tgz#d18a359867f378c138d6819edfc2a8acd5f29825" - integrity sha512-a5bFyofd/BHCX52/8i8uJkjr9DYwXIPnM/plwI6W7ezItLGqzt7X2G2nXuYSfsIJdkwwj/g9DG1LkcGJI/dDoA== - -highlight.js@~10.4.0: - version "10.4.1" - resolved "https://registry.yarnpkg.com/highlight.js/-/highlight.js-10.4.1.tgz#d48fbcf4a9971c4361b3f95f302747afe19dbad0" - integrity sha512-yR5lWvNz7c85OhVAEAeFhVCc/GV4C30Fjzc/rCP0aCWzc1UUOPUk55dK/qdwTZHBvMZo+eZ2jpk62ndX/xMFlg== +highlight.js@^10.4.1, highlight.js@^9.18.5, highlight.js@~10.4.0, highlight.js@~10.7.0: + version "10.7.3" + resolved "https://registry.yarnpkg.com/highlight.js/-/highlight.js-10.7.3.tgz#697272e3991356e40c3cac566a74eef681756531" + integrity sha512-tzcUFauisWKNHaRkN4Wjl/ZA07gENAjFl3J/c480dprkGTg5EQstgaNFqBfUqCq54kZRIEcreTsAgF/m2quD7A== history@^4.9.0: version "4.9.0"