[1.3][CVE-2021-23364] Bump browserslist from 2.11.3 to 4.21.10

* Bump browserslist from 2.11.3 to 4.21.10 * Bump autoprefixer from 7.2.6 to 10.4.15 Signed-off-by: ananzh <[email protected]>
ananzh · Sep 15, 2023 · 8f30c19 · 8f30c19
1 parent a45dea3
commit 8f30c19
Show file tree

Hide file tree

Showing 7 changed files with 63 additions and 91 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -13,6 +13,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - [CVE-2022-33987] Partially fix security issues for `got` by bumping `@elastic/makelogs` from `6.0.0` to `6.1.1` and updating yarn.lock ([#5006](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/5006))
 - Bump `yo` from `2.0.6` to `3.1.1` ([#5005]( https://github.com/opensearch-project/OpenSearch-Dashboards/pull/5005))
 - [CVE-2023-0842] Bump `xml2js` from `0.4.22` to `0.6.2` ([#5024](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/5024))
+- [CVE-2021-23364] Bump `browserslist` from `2.11.3` to `4.21.10` and `autoprefixer` from `7.2.6` to `10.4.15` ([#5023](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/5023))
 
 ### 📈 Features/Enhancements
 

diff --git a/package.json b/package.json
@@ -88,6 +88,8 @@
     "**/ajv": "^6.12.6",
     "**/ansi-html": "^0.0.8",
     "**/ansi-regex": "^5.0.1",
+    "**/autoprefixer": "^10.4.1",
+    "**/browserslist": "^4.21.10",
     "!chromedriver/**/axios": "^0.21.4",
     "chromedriver/**/axios": "^0.27.2",
     "**/ejs": "^3.1.6",

diff --git a/packages/osd-optimizer/package.json b/packages/osd-optimizer/package.json
@@ -17,7 +17,7 @@
     "@osd/dev-utils": "1.0.0",
     "@osd/std": "1.0.0",
     "@osd/ui-shared-deps": "1.0.0",
-    "autoprefixer": "^9.7.4",
+    "autoprefixer": "^10.4.1",
     "clean-webpack-plugin": "^3.0.0",
     "compression-webpack-plugin": "^4.0.0",
     "cpy": "^8.0.0",

diff --git a/packages/osd-optimizer/postcss.config.js b/packages/osd-optimizer/postcss.config.js
@@ -31,5 +31,7 @@
  */
 
 module.exports = {
-  plugins: [require('autoprefixer')()],
+  plugins: [
+    /*require('autoprefixer')()*/
+  ],
 };
diff --git a/packages/osd-optimizer/src/integration_tests/__snapshots__/basic_optimization.test.ts.snap b/packages/osd-optimizer/src/integration_tests/__snapshots__/basic_optimization.test.ts.snap
diff --git a/packages/osd-plugin-helpers/src/integration_tests/build.test.ts b/packages/osd-plugin-helpers/src/integration_tests/build.test.ts
@@ -103,8 +103,10 @@ it('builds a generated plugin into a viable archive', async () => {
      info running @osd/optimizer
      │ info initialized, 0 bundles cached
      │ info starting worker [1 bundle]
-     │ warn worker stderr Browserslist: caniuse-lite is outdated. Please run:
-     │ warn worker stderr npx browserslist@latest --update-db
+     │ warn worker stderr You did not set any plugins, parser, or stringifier. Right now, PostCSS does nothing. Pick plugins for your case on https://www.postcss.parts/ and use them in postcss.config.js.
+     │ warn worker stderr You did not set any plugins, parser, or stringifier. Right now, PostCSS does nothing. Pick plugins for your case on https://www.postcss.parts/ and use them in postcss.config.js.
+     │ warn worker stderr You did not set any plugins, parser, or stringifier. Right now, PostCSS does nothing. Pick plugins for your case on https://www.postcss.parts/ and use them in postcss.config.js.
+     │ warn worker stderr You did not set any plugins, parser, or stringifier. Right now, PostCSS does nothing. Pick plugins for your case on https://www.postcss.parts/ and use them in postcss.config.js.
      │ succ 1 bundles compiled successfully after <time>
      info copying assets from \`public/assets\` to build
      info copying server source into the build and converting with babel
@@ -193,8 +195,10 @@ it('builds a non-semver generated plugin into a viable archive', async () => {
      info running @osd/optimizer
      │ info initialized, 0 bundles cached
      │ info starting worker [1 bundle]
-     │ warn worker stderr Browserslist: caniuse-lite is outdated. Please run:
-     │ warn worker stderr npx browserslist@latest --update-db
+     │ warn worker stderr You did not set any plugins, parser, or stringifier. Right now, PostCSS does nothing. Pick plugins for your case on https://www.postcss.parts/ and use them in postcss.config.js.
+     │ warn worker stderr You did not set any plugins, parser, or stringifier. Right now, PostCSS does nothing. Pick plugins for your case on https://www.postcss.parts/ and use them in postcss.config.js.
+     │ warn worker stderr You did not set any plugins, parser, or stringifier. Right now, PostCSS does nothing. Pick plugins for your case on https://www.postcss.parts/ and use them in postcss.config.js.
+     │ warn worker stderr You did not set any plugins, parser, or stringifier. Right now, PostCSS does nothing. Pick plugins for your case on https://www.postcss.parts/ and use them in postcss.config.js.
      │ succ 1 bundles compiled successfully after <time>
      info copying assets from \`public/assets\` to build
      info copying server source into the build and converting with babel