diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3c95ac41963..d46eea2a719 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -15,6 +15,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - [WS-2021-0638] Bump mocha from `7.2.0` to `10.1.0` ([#2711](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2711))
 - [CVE-2023-26115] Bump `word-wrap` from `1.2.3` to `1.2.4` ([#4589](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/4589))
 - Bump `node-sass` to a version that uses a newer `libsass` ([#4649](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/4649))
+- [CVE-2019-11358] Bump version of tinygradient from 0.4.3 to 1.1.5 ([#4742](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/4742))
 ### 📈 Features/Enhancements
diff --git a/package.json b/package.json
index decb8f5f37b..190da4d3c6c 100644
--- a/package.json
+++ b/package.json
@@ -217,7 +217,7 @@
 "source-map-support": "^0.5.19",
 "symbol-observable": "^1.2.0",
 "tar": "^6.1.11",
- "tinygradient": "0.4.3",
+ "tinygradient": "^1.1.5",
 "tinymath": "1.2.1",
 "tslib": "^2.0.0",
 "type-detect": "^4.0.8",
diff --git a/yarn.lock b/yarn.lock
index 2f420f4e0d9..81d80ced425 100644
--- a/yarn.lock
+++ b/yarn.lock
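Review bot: The `tinygradient` specifier in the package.json hunk goes from the exact pin `0.4.3` to the caret range `^1.1.5`, so besides the upgrade this change also loosens the pin, while the neighbouring `tinymath` entry stays exact. The yarn.lock entry in this commit records the resolved version and integrity hash, so the range only matters when the lockfile is regenerated or bypassed; if the exact pin was deliberate, `"tinygradient": "1.1.5",` keeps it. This is also a 0.x to 1.x jump and the call sites are not part of the diff, so it is worth confirming they still work with the 1.x API.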
@@ -17060,10 +17060,10 @@ tinycolor2@^1.0.0, tinycolor2@^1.4.1: resolved "https://registry.yarnpkg.com/tinycolor2/-/tinycolor2-1.4.2.tgz#3f6a4d1071ad07676d7fa472e1fac40a719d8803" integrity sha512-vJhccZPs965sV/L2sU4oRQVAos0pQXwsvTLkWYdqJ+a8Q5kPFzJTuOFwy7UniPli44NKQGAglksjvOcpo95aZA== -tinygradient@0.4.3: - version "0.4.3" - resolved "https://registry.yarnpkg.com/tinygradient/-/tinygradient-0.4.3.tgz#0a8dfde56f8865deec4c435a51bd5b0c0dec59fa" - integrity sha512-tBPYQSs6eWukzzAITBSmqcOwZCKACvRa/XjPPh1mj4mnx4G3Drm51HxyCTU/TKnY8kG4hmTe5QlOh9O82aNtJQ== +tinygradient@^1.1.5: + version "1.1.5" + resolved "https://registry.yarnpkg.com/tinygradient/-/tinygradient-1.1.5.tgz#0fb855ceb18d96b21ba780b51a8012033b2530ef" + integrity sha512-8nIfc2vgQ4TeLnk2lFj4tRLvvJwEfQuabdsmvDdQPT0xlk9TaNtpGd6nNRxXoK6vQhN6RSzj+Cnp5tTQmpxmbw== dependencies: "@types/tinycolor2" "^1.4.0" tinycolor2 "^1.0.0"