diff --git a/changes/en-us/develop.md b/changes/en-us/develop.md
index 7ebad829639..37913bbcb4c 100644
--- a/changes/en-us/develop.md
+++ b/changes/en-us/develop.md
@@ -22,6 +22,7 @@ Add changes here for all PR submitted to the develop branch.
- [[#4761](https://github.com/seata/seata/pull/4761)] use hget replace hmget because only one field
- [[#4414](https://github.com/seata/seata/pull/4414)] exclude log4j dependencies
- [[#4836](https://github.com/seata/seata/pull/4836)] optimize BaseTransactionalExecutor#buildLockKey(TableRecords rowsIncludingPK) method more readable
+- [[#4865](https://github.com/seata/seata/pull/4865)] fix some security vulnerabilities in GGEditor
### test:
- [[#4794](https://github.com/seata/seata/pull/4794)] try to fix the test `DataSourceProxyTest.getResourceIdTest()`
diff --git a/changes/zh-cn/develop.md b/changes/zh-cn/develop.md
index f40ee88afde..5d5a7145df7 100644
--- a/changes/zh-cn/develop.md
+++ b/changes/zh-cn/develop.md
@@ -22,6 +22,7 @@
- [[#4761](https://github.com/seata/seata/pull/4761)] 使用 hget 代替 RedisLocker 中的 hmget, 因为只有一个 field
- [[#4414](https://github.com/seata/seata/pull/4414)] 移除log4j依赖
- [[#4836](https://github.com/seata/seata/pull/4836)] 优化 BaseTransactionalExecutor#buildLockKey(TableRecords rowsIncludingPK) 方法可读性
+- [[#4865](https://github.com/seata/seata/pull/4865)] 修复 Saga 可视化设计器 GGEditor 安全漏洞
### test:
- [[#4794](https://github.com/seata/seata/pull/4794)] 重构代码,尝试修复单元测试 `DataSourceProxyTest.getResourceIdTest()`
diff --git a/saga/seata-saga-statemachine-designer/README.md b/saga/seata-saga-statemachine-designer/README.md
index f47207905c1..9f86bd1839d 100644
--- a/saga/seata-saga-statemachine-designer/README.md
+++ b/saga/seata-saga-statemachine-designer/README.md
@@ -16,7 +16,7 @@ $ npm start
## build a package
```sh
$ cd saga/saga-statemachine-designer
-$ npm build
+$ npm run build
```
copy 'index.html' and 'dist' directory to static html directory of web server
diff --git a/saga/seata-saga-statemachine-designer/README.zh-CN.md b/saga/seata-saga-statemachine-designer/README.zh-CN.md
index 61be6065728..a056180a54f 100644
--- a/saga/seata-saga-statemachine-designer/README.zh-CN.md
+++ b/saga/seata-saga-statemachine-designer/README.zh-CN.md
@@ -16,7 +16,7 @@ $ npm start
## 打包
```sh
$ cd saga/saga-statemachine-designer
-$ npm build
+$ npm run build
```
然后将index.html和dist目录拷贝到web server的静态页面目录下
diff --git a/saga/seata-saga-statemachine-designer/index.html b/saga/seata-saga-statemachine-designer/index.html
index e42c917871b..058fc84d0a8 100644
--- a/saga/seata-saga-statemachine-designer/index.html
+++ b/saga/seata-saga-statemachine-designer/index.html
@@ -6,16 +6,16 @@
Seata Saga StateMachine Designer
-
+
-
-
-
-
-
+
+
+
+
+
diff --git a/saga/seata-saga-statemachine-designer/package-lock.json b/saga/seata-saga-statemachine-designer/package-lock.json
index 942a4b84b3e..1bb7869df98 100644
--- a/saga/seata-saga-statemachine-designer/package-lock.json
+++ b/saga/seata-saga-statemachine-designer/package-lock.json
@@ -2090,9 +2090,9 @@
"dev": true
},
"async": {
- "version": "2.6.3",
- "resolved": "https://registry.npm.taobao.org/async/download/async-2.6.3.tgz",
- "integrity": "sha1-1yYl4jRKNlbjo61Pp0n6gymdgv8=",
+ "version": "2.6.4",
+ "resolved": "https://registry.npmjs.org/async/-/async-2.6.4.tgz",
+ "integrity": "sha512-mzo5dfJYwAn29PeiJ0zvwTo04zj8HDJj0Mn8TD7sno7q12prdbnasKJHhkm2c1LgrhlJ0teaea8860oxi51mGA==",
"dev": true,
"requires": {
"lodash": "^4.17.14"
@@ -4554,9 +4554,9 @@
"dev": true
},
"eventsource": {
- "version": "1.0.7",
- "resolved": "https://registry.npm.taobao.org/eventsource/download/eventsource-1.0.7.tgz",
- "integrity": "sha1-j7xyyT/NNAiAkLwKTmT0tc7m2NA=",
+ "version": "1.1.1",
+ "resolved": "https://registry.npmjs.org/eventsource/-/eventsource-1.1.1.tgz",
+ "integrity": "sha512-qV5ZC0h7jYIAOhArFJgSfdyz6rALJyb270714o7ZtNnw2WSJ+eexhKtE0O8LYPRsHZHf2osHKZBxGPvm3kPkCA==",
"dev": true,
"requires": {
"original": "^1.0.0"
@@ -6293,9 +6293,9 @@
}
},
"lodash": {
- "version": "4.17.15",
- "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz",
- "integrity": "sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A=="
+ "version": "4.17.21",
+ "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
+ "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg=="
},
"lodash._reinterpolate": {
"version": "3.0.0",
@@ -9569,9 +9569,9 @@
"dev": true
},
"terser": {
- "version": "4.8.0",
- "resolved": "https://registry.npm.taobao.org/terser/download/terser-4.8.0.tgz?cache=0&sync_timestamp=1592448432005&other_urls=https%3A%2F%2Fregistry.npm.taobao.org%2Fterser%2Fdownload%2Fterser-4.8.0.tgz",
- "integrity": "sha1-YwVjQ9fHC7KfOvZlhlpG/gOg3xc=",
+ "version": "4.8.1",
+ "resolved": "https://registry.npmjs.org/terser/-/terser-4.8.1.tgz",
+ "integrity": "sha512-4GnLC0x667eJG0ewJTa6z/yXrbLGv80D9Ru6HIpCQmO+Q4PfEtBFi0ObSckqwL6VyQv/7ENJieXHo2ANmdQwgw==",
"dev": true,
"requires": {
"commander": "^2.20.0",
@@ -9581,8 +9581,8 @@
"dependencies": {
"source-map": {
"version": "0.6.1",
- "resolved": "https://registry.npm.taobao.org/source-map/download/source-map-0.6.1.tgz",
- "integrity": "sha1-dHIq8y6WFOnCh6jQu95IteLxomM=",
+ "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
+ "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==",
"dev": true
}
}
@@ -9961,9 +9961,9 @@
}
},
"url-parse": {
- "version": "1.4.7",
- "resolved": "https://registry.npm.taobao.org/url-parse/download/url-parse-1.4.7.tgz?cache=0&other_urls=https%3A%2F%2Fregistry.npm.taobao.org%2Furl-parse%2Fdownload%2Furl-parse-1.4.7.tgz",
- "integrity": "sha1-qKg1NejACjFuQDpdtKwbm4U64ng=",
+ "version": "1.5.10",
+ "resolved": "https://registry.npmjs.org/url-parse/-/url-parse-1.5.10.tgz",
+ "integrity": "sha512-WypcfiRhfeUP9vvF0j6rw0J3hrWrw6iZv3+22h6iRMJ/8z1Tj6XfLP4DsUix5MhMPnXpiHDoKyoZ/bdCkwBCiQ==",
"dev": true,
"requires": {
"querystringify": "^2.1.1",
diff --git a/saga/seata-saga-statemachine-designer/package.json b/saga/seata-saga-statemachine-designer/package.json
index be69633d659..73da2658835 100644
--- a/saga/seata-saga-statemachine-designer/package.json
+++ b/saga/seata-saga-statemachine-designer/package.json
@@ -51,7 +51,7 @@
"@antv/g6": "^2.2.6",
"codemirror": "^5.55.0",
"core-js": "^3.6.5",
- "lodash": "^4.17.10",
+ "lodash": "^4.17.21",
"react-codemirror": "^1.0.0"
},
"devDependencies": {