[CVE-2022-24999] Bump express from 4.17.1 to 4.18.2 (#3542)

* [CVE-2022-24999] Bump express from 4.17.1 to 4.18.2 Signed-off-by: Josh Romero <rmerqg@amazon.com> * add changelog Signed-off-by: Josh Romero <rmerqg@amazon.com> --------- Signed-off-by: Josh Romero <rmerqg@amazon.com> Co-authored-by: Anan Zhuang <ananzh@amazon.com>
opensearch-project · Mar 7, 2023 · 1a8c68f · 1a8c68f
1 parent 3f6b696
commit 1a8c68f
Show file tree

Hide file tree

Showing 3 changed files with 181 additions and 67 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -26,6 +26,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - [CVE-2022-2499] Resolve qs from 6.5.2 and 6.7.0 to 6.11.0 in 1.x ([#3451](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3451))
 - [CVE-2023-25653] Bump node-jose to 2.2.0 ([#3445](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3445))
 - [CVE-2021-23807] Bump jsonpointer from 4.1.0 to 5.0.1 ([#3535](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3535))
+- [CVE-2022-24999] Bump express from 4.17.1 to 4.18.2 ([#3542](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3542))
 
 ### 📈 Features/Enhancements
 

diff --git a/package.json b/package.json
@@ -87,6 +87,7 @@
     "!chromedriver/**/axios": "^0.21.4",
     "chromedriver/**/axios": "^0.27.2",
     "**/ejs": "^3.1.6",
+    "**/express": "^4.18.0",
     "**/follow-redirects": "^1.15.2",
     "**/front-matter": "^4.0.2",
     "**/glob-parent": "^6.0.0",