[Backport 1.3][CVE-2022-25883] Resolve semver to 7.5.3 and remove unu…

…sed package In this PR, we resolve semver to 7.5.3 from 5.x, 6.x and 7.x. There are breaking changes in API in 7.5.3 compared to 5.x/6.x. However, these API changes do not impact any usages. Backport PR opensearch-project#4411 Issue Resolve opensearch-project#4370 Signed-off-by: ananzh <[email protected]>
ananzh · Jun 29, 2023 · a384839 · a384839
1 parent 82d8632
commit a384839
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 20 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -12,6 +12,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - [CVE-2022-1537] Bump grunt from `1.5.2` to `1.5.3` ([#4276](https:/opensearch-project/OpenSearch-Dashboards/pull/4276))
 - [CVE-2022-25858] Bump terser from `4.8.0` to `4.8.1` ([#3726](https:/opensearch-project/OpenSearch-Dashboards/pull/3726))
 - [CVE-2021-3765] Update `@microsoft/api-documenter` and `@microsoft/api-extractor` versions to bump validator from `8.2.0` to `13.9.0` ([#3725](https:/opensearch-project/OpenSearch-Dashboards/pull/3725))
+- [CVE-2022-25883] Resolve `semver` to `7.5.3` and remove unused package ([#4411](https:/opensearch-project/OpenSearch-Dashboards/pull/4411))
 
 ### 📈 Features/Enhancements
 

diff --git a/package.json b/package.json
@@ -235,7 +235,7 @@
  "require-in-the-middle": "^5.0.2",
  "rison-node": "1.0.2",
  "rxjs": "^6.5.5",
- "semver": "^5.7.0",
+ "semver": "^7.5.3",
  "source-map-support": "^0.5.19",
  "symbol-observable": "^1.2.0",
  "tar": "^6.1.11",
@@ -351,7 +351,7 @@
  "@types/recompose": "^0.30.6",
  "@types/request": "^2.48.2",
  "@types/selenium-webdriver": "^4.0.9",
- "@types/semver": "^5.5.0",
+ "@types/semver": "^7.5.0",
  "@types/sinon": "^7.0.13",
  "@types/strip-ansi": "^5.2.1",
  "@types/styled-components": "^5.1.0",

diff --git a/packages/osd-pm/package.json b/packages/osd-pm/package.json
@@ -19,7 +19,6 @@
  "@babel/preset-env": "^7.11.0",
  "@babel/preset-typescript": "^7.10.4",
  "@types/cmd-shim": "^2.0.0",
- "@types/cpy": "^5.1.0",
  "@types/dedent": "^0.7.0",
  "@types/getopts": "^2.0.1",
  "@types/glob": "^7.1.3",

diff --git a/yarn.lock b/yarn.lock
@@ -2586,19 +2586,6 @@
  resolved "https://registry.yarnpkg.com/@types/cookiejar/-/cookiejar-2.1.0.tgz#4b7daf2c51696cfc70b942c11690528229d1a1ce"
  integrity sha512-EIjmpvnHj+T4nMcKwHwxZKUfDmphIKJc2qnEMhSoOvr1lYEQpuRKRz8orWr//krYIIArS/KGGLfL2YGVUYXmIA==
 
-"@types/cp-file@*":
- version "4.2.0"
- resolved "https://registry.yarnpkg.com/@types/cp-file/-/cp-file-4.2.0.tgz#2b12186b50dad407b11021284627bdf4adb87a87"
- integrity sha512-nkd9c0L2aWfsDFrkpxfGJ5bCKeiAv6lccbH9vxKeWYw9YuyqskjtRTrBEBAiea9R08OSiboQ4ssmwAVJMHmHHA==
-
-"@types/cpy@^5.1.0":
- version "5.1.0"
- resolved "https://registry.yarnpkg.com/@types/cpy/-/cpy-5.1.0.tgz#ced20cbae8528031ae5478f1d0fe4bca2518eda7"
- integrity sha512-NU7IrYOZx+K2YCo7muReOj6FIxEWdWXCN7hgRhQ+h2lgpeLy27si9ZzdDwWCW+Q1RP9B1lDTJ368FPFSOp1ZqA==
- dependencies:
- "@types/cp-file" "*"
- "@types/glob" "*"
-
 "@types/d3@^3.5.43":
  version "3.5.43"
  resolved "https://registry.yarnpkg.com/@types/d3/-/d3-3.5.43.tgz#e9b4992817e0b6c5efaa7d6e5bb2cee4d73eab58"
@@ -3298,10 +3285,10 @@
  resolved "https://registry.yarnpkg.com/@types/selenium-webdriver/-/selenium-webdriver-4.0.9.tgz#12621e55b2ef8f6c98bd17fe23fa720c6cba16bd"
  integrity sha512-HopIwBE7GUXsscmt/J0DhnFXLSmO04AfxT6b8HAprknwka7pqEWquWDMXxCjd+NUHK9MkCe1SDKKsMiNmCItbQ==
 
-"@types/semver@^5.5.0":
- version "5.5.0"
- resolved "https://registry.yarnpkg.com/@types/semver/-/semver-5.5.0.tgz#146c2a29ee7d3bae4bf2fcb274636e264c813c45"
- integrity sha512-41qEJgBH/TWgo5NFSvBCJ1qkoi3Q6ONSF2avrHq1LVEZfYpdHmj0y9SuTK+u9ZhG1sYQKBL1AWXKyLWP4RaUoQ==
+"@types/semver@^7.5.0":
+ version "7.5.0"
+ resolved "https://registry.yarnpkg.com/@types/semver/-/semver-7.5.0.tgz#591c1ce3a702c45ee15f47a42ade72c2fd78978a"
+ integrity sha512-G8hZ6XJiHnuhQKR7ZmysCeJWE08o8T0AXtk5darsCaTVsYZhhgUrq53jizaR2FvsoeCwJhlmwTjkXBY5Pn/ZHw==
 
 "@types/shot@*":
  version "4.0.0"
@@ -18860,6 +18847,13 @@ semver@^7.3.8, semver@~7.3.0:
  dependencies:
  lru-cache "^6.0.0"
 
+semver@^7.5.3:
+ version "7.5.3"
+ resolved "https://registry.yarnpkg.com/semver/-/semver-7.5.3.tgz#161ce8c2c6b4b3bdca6caadc9fa3317a4c4fe88e"
+ integrity sha512-QBlUtyVk/5EeHbi7X0fw6liDZc7BBmEaSYn01fMU1OUYbf6GPsbTtd8WmnqbI20SeycoHSeiybkE/q1Q+qlThQ==
+ dependencies:
+ lru-cache "^6.0.0"
+
 [email protected]:
  version "0.18.0"
  resolved "https://registry.yarnpkg.com/send/-/send-0.18.0.tgz#670167cc654b05f5aa4a767f9113bb371bc706be"