Update to v1.5.10 open-source release (#227)

aws-solutions · Sep 20, 2024 · 0012334 · 0012334
1 parent d1cfddc
commit 0012334
Show file tree

Hide file tree

Showing 20 changed files with 1,386 additions and 1,254 deletions.
diff --git a/.viperlightignore b/.viperlightignore
@@ -19,7 +19,6 @@ Config
 @aws-amplify/api=4.0.64 
 @aws-amplify/core=4.7.15
 aws-amplify=4.3.46
-bootstrap=4.6.2
 vue-router=3.6.5
 eslint=7.32.0
 eslint-plugin-vue=7.20.0

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,18 +4,28 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.5.10] - 2024-09-20
+### Security: 
+- Bump webpack to `5.94.0` to resolve [CVE-2024-43788](https://github.com/advisories/GHSA-4vvj-4cpr-p986)
+- Bump serve-static to `1.16.2` to resolve CVE with send [ CVE-2024-43799](https://github.com/advisories/GHSA-m6fv-jmcg-4jfg)
+- Bump path-to-regexp to `0.1.10` to resolve [CVE-2024-45296](https://github.com/advisories/GHSA-9wv6-86v2-598j)
+- Bump micromatch to `4.0.8` to resolve [CVE-2024-4067](https://github.com/advisories/GHSA-952p-6rrq-rcjv)
+- Remove usage of `bootstrap-vue` (EOL) and migrate `bootstrap v4` (EOL) to `bootstrap v5` to resolve [CVE-2024-6531](https://nvd.nist.gov/vuln/detail/CVE-2024-6531)
+- Adds Security.md file to provide guidance around reporting security vulnerabilities.
+
+
 ## [1.5.9] - 2024-08-02
 ### Security: 
-- Bump `fast-xml-parser` to `4.4.1` to resolve [CVE-2024-41818]
-- Update to Vue 3 compat build and replace `vue-template-compiler` with `@vue/compiler-sfc` to resolve [CVE-2024-6783]
+- Bump `fast-xml-parser` to `4.4.1` to resolve [CVE-2024-41818](https://nvd.nist.gov/vuln/detail/CVE-2024-41818)
+- Update to Vue 3 compat build and replace `vue-template-compiler` with `@vue/compiler-sfc` to resolve [CVE-2024-6783](https://nvd.nist.gov/vuln/detail/CVE-2024-6783)
 
 ### Removed
 - Unused `vue-stepper-component` and `vue2-dropzone` dependencies
 
 ## [1.5.8] - 2024-06-23
 ### Security:
-- Bump `braces` to `3.0.3` to resolve [CVE-2024-4068]
-- Bump `ws` to resolve [CVE-2024-37890]
+- Bump `braces` to `3.0.3` to resolve [CVE-2024-4068](https://nvd.nist.gov/vuln/detail/CVE-2024-4068)
+- Bump `ws` to resolve [CVE-2024-37890](https://nvd.nist.gov/vuln/detail/CVE-2024-37890)
 
 ## [1.5.7] - 2024-05-30
 ### Fixed:
@@ -27,19 +37,19 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [1.5.6] - 2024-04-09
 ### Fixed:
 - Updated axios sub-dependency to use v0.28.0 to resolve security vulnerabilities:
-  - [CVE-2023-45857]
-  - [CVE-2024-28849]
-  - [CVE-2023-26159]
+  - [CVE-2023-45857](https://nvd.nist.gov/vuln/detail/CVE-2023-45857)
+  - [CVE-2024-28849](https://nvd.nist.gov/vuln/detail/CVE-2024-28849)
+  - [CVE-2023-26159](https://nvd.nist.gov/vuln/detail/CVE-2023-26159)
 
 - Re-generated package-lock to resolve security vulnerabilities:
-  - [CVE-2024-29180]
-  - [CVE-2023-42282]
-  - [CVE-2024-29041]
+  - [CVE-2024-29180](https://nvd.nist.gov/vuln/detail/CVE-2024-29180)
+  - [CVE-2023-42282](https://nvd.nist.gov/vuln/detail/CVE-2023-42282)
+  - [CVE-2024-29041](https://nvd.nist.gov/vuln/detail/CVE-2024-29041)
 
 ## [1.5.5] - 2023-10-20
 ### Fixed:
-- Updated crypto.js dependency to fix security vulnerabilities [CVE-2023-46233]
-- Updated react-dev-tools dependency to fix security vulnerabilities [CVE-2023-5654]
+- Updated crypto.js dependency to fix security vulnerabilities [CVE-2023-46233](https://nvd.nist.gov/vuln/detail/CVE-2023-46233)
+- Updated react-dev-tools dependency to fix security vulnerabilities [CVE-2023-5654](https://nvd.nist.gov/vuln/detail/CVE-2023-5654)
 - Update urllib3 dependency to v1.26.18
 
 ## [1.5.4] - 2023-10-20

diff --git a/NOTICE b/NOTICE
@@ -58,7 +58,7 @@ aws-amplify under the Apache License Version 2.0
 aws-amplify-vue under the Apache License Version 2.0
 aws-sdk under the Apache License Version 2.0
 bootstrap under the MIT License (MIT)
-bootstrap-vue under the MIT License (MIT)
+bootstrap-icons under the MIT License (MIT)
 core-js under the MIT License (MIT)
 awscli under the Apache License Version 2.0
 colorama under the BSD-3-Clause License

diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,11 @@
+# Reporting Security Issues
+
+We take all security reports seriously.
+When we receive such reports,
+we will investigate and subsequently address
+any potential vulnerabilities as quickly as possible.
+If you discover a potential security issue in this project,
+please notify AWS/Amazon Security via our
+[vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/)
+or directly via email to [AWS Security](mailto:aws-security@amazon.com).
+Please do *not* create a public GitHub issue in this project.