Skip to content

[Maintainence] CVE fixes for 2.19.4 #10822

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 11 commits into
base: 2.19
Choose a base branch
from
Open

[Maintainence] CVE fixes for 2.19.4 #10822

wants to merge 11 commits into from
+781 −54

Conversation

@sumukhswamy
Copy link
Collaborator

@sumukhswamy sumukhswamy commented Oct 28, 2025
edited
Loading

Description

CVE fixed for
[CVE-2025-9287 CRITICAL]
[CVE-2025-9288 CRITICAL]
[CVE-2025-6547 CRITICAL]
[CVE-2025-6545 CRITICAL]

Issues Resolved

Screenshot

Testing the changes

Changelog

  • chore: CVE Fixed for 2.19, Update Webpack to support jspdf upgrade

Check List

  • All tests pass
    • yarn test:jest
    • yarn test:jest_integration
  • New functionality includes testing.
  • New functionality has been documented.
  • Update CHANGELOG.md
  • Commits are signed per the DCO using --signoff

@sumukhswamy
added cve fix
6d3d31f 
Signed-off-by: sumukhswamy <[email protected]>
@sumukhswamy sumukhswamy added maintenance v2.19.4 Issues targeting release v2.19.4 labels Oct 28, 2025
@github-actions
Copy link
Contributor

github-actions bot commented Oct 28, 2025

❌ Invalid Prefix

Invalid description prefix. Found "chore ". Expected "breaking", "deprecate", "feat", "fix", "infra", "doc", "chore", "refactor", "security", "skip", or "test".

@github-actions
Copy link
Contributor

github-actions bot commented Oct 28, 2025

❌ Changelog Entry Missing Hyphen

Changelog entries must begin with a hyphen (-).

TackAdam
TackAdam previously approved these changes Oct 28, 2025
View reviewed changes
@codecov
Copy link

codecov bot commented Oct 28, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 0% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 59.28%. Comparing base (a659762) to head (6cfb3f8).

Files with missing lines Patch % Lines
...s/osd-test/src/failed_tests_reporter/github_api.ts 0.00% 2 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             2.19   #10822      +/-   ##
==========================================
- Coverage   61.16%   59.28%   -1.88%     
==========================================
  Files        3815     3618     -197     
  Lines       91512    86413    -5099     
  Branches    14459    13631     -828     
==========================================
- Hits        55975    51234    -4741     
+ Misses      31980    31949      -31     
+ Partials     3557     3230     -327
Flag Coverage Δ
Linux_1 ?
Linux_2 ?
Linux_3 ?
Linux_4 ?
Windows_1 29.65% <0.00%> (+0.49%) ⬆️
Windows_2 57.06% <ø> (+0.50%) ⬆️
Windows_3 40.87% <ø> (+2.80%) ⬆️
Windows_4 30.79% <ø> (+1.61%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@sumukhswamy sumukhswamy changed the title added cve fix [Maintainenece]CVE fixes for 2.19.4 Oct 28, 2025
@gaiksaya gaiksaya changed the title [Maintainenece]CVE fixes for 2.19.4 [Maintainence] CVE fixes for 2.19.4 Oct 28, 2025
@sumukhswamy
patches for axios cve
0c35fb5 
Signed-off-by: sumukhswamy <[email protected]>
@sumukhswamy
patches for axios cve
d6f94b9 
Signed-off-by: sumukhswamy <[email protected]>
angle943
angle943 previously approved these changes Oct 28, 2025
View reviewed changes
ps48
ps48 previously approved these changes Oct 28, 2025
View reviewed changes
@ps48
Copy link
Member

ps48 commented Oct 28, 2025

@sumukhswamy can you please check why is the build failing:

Error: Package subpath './lib/adapters/http' is not defined by "exports" in /home/runner/work/OpenSearch-Dashboards/OpenSearch-Dashboards/artifacts/node_modules/axios/package.json

@sumukhswamy sumukhswamy dismissed stale reviews from ps48 and angle943 via b700de0 October 28, 2025 23:45
@sumukhswamy
removed failing build and test patch
992dd8e 
Signed-off-by: sumukhswamy <[email protected]>
@sumukhswamy
axios fixes
d571ffa 
Signed-off-by: sumukhswamy <[email protected]>
@sumukhswamy
axios fixes
4d4cbe7 
Signed-off-by: sumukhswamy <[email protected]>
@sumukhswamy
patching axios file
7366703 
Signed-off-by: sumukhswamy <[email protected]>
@sumukhswamy
reverted prev package and added new 1.12.2
9bae8eb 
Signed-off-by: sumukhswamy <[email protected]>
@sumukhswamy
added removed osdstylint
6cfb3f8 
Signed-off-by: sumukhswamy <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ps48 ps48 ps48 left review comments

@angle943 angle943 angle943 left review comments

@TackAdam TackAdam TackAdam left review comments

@ananzh ananzh Awaiting requested review from ananzh ananzh is a code owner

@kavilla kavilla Awaiting requested review from kavilla kavilla is a code owner

@AMoo-Miki AMoo-Miki Awaiting requested review from AMoo-Miki AMoo-Miki is a code owner

@ashwin-pc ashwin-pc Awaiting requested review from ashwin-pc ashwin-pc is a code owner

@joshuarrrr joshuarrrr Awaiting requested review from joshuarrrr joshuarrrr is a code owner

@abbyhu2000 abbyhu2000 Awaiting requested review from abbyhu2000 abbyhu2000 is a code owner

@zengyan-amazon zengyan-amazon Awaiting requested review from zengyan-amazon zengyan-amazon is a code owner

@zhongnansu zhongnansu Awaiting requested review from zhongnansu zhongnansu is a code owner

@manasvinibs manasvinibs Awaiting requested review from manasvinibs manasvinibs is a code owner

@ZilongX ZilongX Awaiting requested review from ZilongX ZilongX is a code owner

@Flyingliuhub Flyingliuhub Awaiting requested review from Flyingliuhub Flyingliuhub is a code owner

@curq curq Awaiting requested review from curq curq is a code owner

@bandinib-amzn bandinib-amzn Awaiting requested review from bandinib-amzn bandinib-amzn is a code owner

@SuZhou-Joe SuZhou-Joe Awaiting requested review from SuZhou-Joe SuZhou-Joe is a code owner

@ruanyl ruanyl Awaiting requested review from ruanyl ruanyl is a code owner

@BionIT BionIT Awaiting requested review from BionIT BionIT is a code owner

@xinruiba xinruiba Awaiting requested review from xinruiba xinruiba is a code owner

@zhyuanqi zhyuanqi Awaiting requested review from zhyuanqi zhyuanqi is a code owner

@mengweieric mengweieric Awaiting requested review from mengweieric mengweieric is a code owner

@LDrago27 LDrago27 Awaiting requested review from LDrago27 LDrago27 is a code owner

@virajsanghvi virajsanghvi Awaiting requested review from virajsanghvi virajsanghvi is a code owner

@sejli sejli Awaiting requested review from sejli sejli is a code owner

@joshuali925 joshuali925 Awaiting requested review from joshuali925 joshuali925 is a code owner

@huyaboo huyaboo Awaiting requested review from huyaboo huyaboo is a code owner

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

maintenance v2.19.4 Issues targeting release v2.19.4

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@sumukhswamy @ps48 @angle943 @TackAdam