opensearch-project / security-dashboards-plugin

🔐 Manage your internal users, roles, access control, and audit logs from OpenSearch Dashboards
https://opensearch.org/docs/latest/security-plugin/index/
Apache License 2.0
71 stars 161 forks

Bump express for CVE #2141

Closed derek-ho closed 4 weeks ago

derek-ho commented 4 weeks ago

Description

Fix: CVE-2024-45590, CVE-2024-45296, CVE-2024-43796, CVE-2024-43800

Category

[Enhancement, New feature, Bug fix, Test fix, Refactoring, Maintenance, Documentation] Maintenance

Why these changes are required?

CVE fixes

What is the old behavior before changes and new behavior after changes?

None

Issues Resolved

[List any issues this PR will resolve (Is this a backport? If so, please add backport PR # and/or commits #)]

Testing

[Please provide details of testing done: unit testing, integration testing and manual testing]

Check List

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check here.

codecov[bot] commented 4 weeks ago

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 71.46%. Comparing base (9d0c35c) to head (c86d0ce). Report is 1 commit behind head on 2.18.

Additional details and impacted files

```diff
@@           Coverage Diff           @@
##             2.18    #2141   +/-   ##
=======================================
  Coverage   71.46%   71.46%
=======================================
  Files          97       97
  Lines        2649     2649
  Branches      411      411
=======================================
  Hits         1893     1893
  Misses        641      641
  Partials      115      115
```


opensearch-trigger-bot[bot] commented 4 weeks ago

The backport to main failed:

The process '/usr/bin/git' failed with exit code 128

To backport manually, run these commands in your terminal:

```bash
# Navigate to the root of your repository
cd $(git rev-parse --show-toplevel)
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/security-dashboards-plugin/backport-main main
# Navigate to the new working tree
pushd ../.worktrees/security-dashboards-plugin/backport-main
# Create a new branch
git switch --create backport/backport-2141-to-main
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 40a984d2fd4ed8e87e28f7a030798f2bfe76dfc4
# Push it to GitHub
git push --set-upstream origin backport/backport-2141-to-main
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/security-dashboards-plugin/backport-main
```

Then, create a pull request where the base branch is main and the compare/head branch is backport/backport-2141-to-main.