Skip to content

[CVE-2024-45296] Bump path-to-regexp to 1.9.0, 3.3.0, and 6.3.0 #8197

Merged
ashwin-pc merged 3 commits intoopensearch-project:mainfrom
AMoo-Miki:fix-CVE-2024-45296
Sep 16, 2024
Merged

[CVE-2024-45296] Bump path-to-regexp to 1.9.0, 3.3.0, and 6.3.0 #8197
ashwin-pc merged 3 commits intoopensearch-project:mainfrom
AMoo-Miki:fix-CVE-2024-45296

Conversation

@AMoo-Miki
Copy link
Copy Markdown
Collaborator

@AMoo-Miki AMoo-Miki commented Sep 14, 2024

Description

[CVE-2024-45296] Bump path-to-regexp to 1.9.0, 3.3.0, and 6.3.0

Changelog

  • security: [CVE-2024-45296] Bump path-to-regexp to 1.9.0, 3.3.0, and 6.3.0

Check List

  • All tests pass
    • yarn test:jest
    • yarn test:jest_integration
  • New functionality includes testing.
  • New functionality has been documented.
  • Update CHANGELOG.md
  • Commits are signed per the DCO using --signoff

Miki added 2 commits September 13, 2024 17:33
Revert 8176
d0b2821 
Signed-off-by: Miki <miki@amazon.com>
[CVE-2024-45296] Bump path-to-regexp to 1.9.0, 3.3.0, and 6.3.0
c4e7f62 
Signed-off-by: Miki <miki@amazon.com>
@AMoo-Miki AMoo-Miki mentioned this pull request Sep 14, 2024
Merged
7 tasks
@AMoo-Miki
Copy link
Copy Markdown
Collaborator Author

AMoo-Miki commented Sep 14, 2024

Manually backported to 2.17 with #8198

Needs to be backported to 2.x from main.

@codecov
Copy link
Copy Markdown

codecov bot commented Sep 14, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 64.04%. Comparing base (21f4218) to head (afec82d).
Report is 2 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #8197      +/-   ##
==========================================
- Coverage   64.04%   64.04%   -0.01%     
==========================================
  Files        3740     3740              
  Lines       88608    88608              
  Branches    13799    13799              
==========================================
- Hits        56746    56745       -1     
- Misses      31264    31265       +1     
  Partials      598      598
Flag Coverage Δ
Linux_1 30.03% <ø> (ø)
Linux_2 58.83% <ø> (ø)
Linux_3 40.36% <ø> (-0.01%) ⬇️
Linux_4 31.46% <ø> (-0.01%) ⬇️
Windows_1 30.05% <ø> (ø)
Windows_2 58.78% <ø> (ø)
Windows_3 40.37% <ø> (ø)
Windows_4 31.46% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

gaiksaya pushed a commit that referenced this pull request Sep 14, 2024
[Manual backport 2.17] [CVE-2024-45296] Bump path-to-regexp to 1.9.0,…
66369eb 
… 3.3.0, and 6.3.0 #8197  (#8198)

Signed-off-by: Miki <miki@amazon.com>
@ashwin-pc ashwin-pc merged commit 3c4dc9d into opensearch-project:main Sep 16, 2024
opensearch-trigger-bot bot pushed a commit that referenced this pull request Sep 16, 2024
@github-actions @opensearch-changeset-bot
[CVE-2024-45296] Bump path-to-regexp to 1.9.0, 3.3.0, and 6.3.0 (#8197)
0edb996 
* Revert 8176

Signed-off-by: Miki <miki@amazon.com>

* [CVE-2024-45296] Bump `path-to-regexp` to 1.9.0, 3.3.0, and 6.3.0

Signed-off-by: Miki <miki@amazon.com>

* Changeset file for PR #8197 created/updated

---------

Signed-off-by: Miki <miki@amazon.com>
Co-authored-by: opensearch-changeset-bot[bot] <154024398+opensearch-changeset-bot[bot]@users.noreply.github.com>
(cherry picked from commit 3c4dc9d)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
@opensearch-trigger-bot opensearch-trigger-bot bot mentioned this pull request Sep 16, 2024
Merged
AMoo-Miki pushed a commit that referenced this pull request Oct 17, 2024
@opensearch-trigger-bot @github-actions @opensearch-changeset-bot
[CVE-2024-45296] Bump path-to-regexp to 1.9.0, 3.3.0, and 6.3.0 (#8197)…
e4133db 
… (#8206)

* Revert 8176



* [CVE-2024-45296] Bump `path-to-regexp` to 1.9.0, 3.3.0, and 6.3.0



* Changeset file for PR #8197 created/updated

---------



(cherry picked from commit 3c4dc9d)

Signed-off-by: Miki <miki@amazon.com>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: opensearch-changeset-bot[bot] <154024398+opensearch-changeset-bot[bot]@users.noreply.github.com>
ruchidh pushed a commit to ruchidh/OpenSearch-Dashboards that referenced this pull request Jul 18, 2025
@opensearch-trigger-bot @github-actions
@opensearch-changeset-bot @ruchidh
[CVE-2024-45296] Bump path-to-regexp to 1.9.0, 3.3.0, and 6.3.0 (open…
1f2af8c 
…search-project#8197) (opensearch-project#8206)

* Revert 8176

* [CVE-2024-45296] Bump `path-to-regexp` to 1.9.0, 3.3.0, and 6.3.0

* Changeset file for PR opensearch-project#8197 created/updated

---------

(cherry picked from commit 3c4dc9d)

Signed-off-by: Miki <miki@amazon.com>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: opensearch-changeset-bot[bot] <154024398+opensearch-changeset-bot[bot]@users.noreply.github.com>
Signed-off-by: Ruchi Sharma <ruchi492@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ashwin-pc ashwin-pc ashwin-pc approved these changes

@zhongnansu zhongnansu zhongnansu approved these changes

@ananzh ananzh Awaiting requested review from ananzh ananzh is a code owner

@kavilla kavilla Awaiting requested review from kavilla kavilla is a code owner

@joshuarrrr joshuarrrr Awaiting requested review from joshuarrrr

@abbyhu2000 abbyhu2000 Awaiting requested review from abbyhu2000 abbyhu2000 is a code owner

@zengyan-amazon zengyan-amazon Awaiting requested review from zengyan-amazon zengyan-amazon is a code owner

@manasvinibs manasvinibs Awaiting requested review from manasvinibs

@ZilongX ZilongX Awaiting requested review from ZilongX ZilongX is a code owner

@Flyingliuhub Flyingliuhub Awaiting requested review from Flyingliuhub Flyingliuhub is a code owner

@curq curq Awaiting requested review from curq

@bandinib-amzn bandinib-amzn Awaiting requested review from bandinib-amzn bandinib-amzn is a code owner

@SuZhou-Joe SuZhou-Joe Awaiting requested review from SuZhou-Joe SuZhou-Joe is a code owner

@ruanyl ruanyl Awaiting requested review from ruanyl ruanyl is a code owner

@BionIT BionIT Awaiting requested review from BionIT

@xinruiba xinruiba Awaiting requested review from xinruiba xinruiba is a code owner

@zhyuanqi zhyuanqi Awaiting requested review from zhyuanqi zhyuanqi is a code owner

@mengweieric mengweieric Awaiting requested review from mengweieric mengweieric is a code owner

@LDrago27 LDrago27 Awaiting requested review from LDrago27 LDrago27 is a code owner

@virajsanghvi virajsanghvi Awaiting requested review from virajsanghvi virajsanghvi is a code owner

@sejli sejli Awaiting requested review from sejli sejli is a code owner

@joshuali925 joshuali925 Awaiting requested review from joshuali925 joshuali925 is a code owner

@huyaboo huyaboo Awaiting requested review from huyaboo huyaboo is a code owner

Assignees

No one assigned

Labels

backport 2.x distinguished-contributor v2.17.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@AMoo-Miki @ashwin-pc @zhongnansu