From 36073257b3a8ea5070adc6af71fde90b6979d5db Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Wed, 5 Jun 2024 02:12:29 +0000 Subject: [PATCH] Bump tar from 6.1.13 to 6.2.1 (#6492) * [CVE-2024-28863] Bump tar from 6.1.11 to 6.2.1 Signed-off-by: Suchit Sahoo * Changeset file for PR #6492 created/updated * Changeset file for PR #6492 created/updated * Changeset file for PR #6492 created/updated * Changeset file for PR #6492 created/updated * Changeset file for PR #6492 created/updated --------- Signed-off-by: Suchit Sahoo Co-authored-by: opensearch-changeset-bot[bot] <154024398+opensearch-changeset-bot[bot]@users.noreply.github.com> (cherry picked from commit 2b8600dc4100a50f1c1b38d2f0cd5acd1771a29a) Signed-off-by: github-actions[bot]
---
 changelogs/fragments/6492.yml | 2 ++ package.json | 1 + yarn.lock | 27 ++++++++++----------------- 3 files changed, 13 insertions(+), 17 deletions(-) create mode 100644 changelogs/fragments/6492.yml
diff --git a/changelogs/fragments/6492.yml b/changelogs/fragments/6492.yml
new file mode 100644
index 000000000000..1212133215c5
--- /dev/null
+++ b/changelogs/fragments/6492.yml
@@ -0,0 +1,2 @@
+security:
+- [CVE-2024-28863] Bump tar from 6.1.11 to 6.2.1 ([#6492](/~https://github.com/opensearch-project/OpenSearch-Dashboards/pull/6492))
\ No newline at end of file
diff --git a/package.json b/package.json
index 51402ca5da37..30bca1ea69f9 100644
--- a/package.json
+++ b/package.json
@@ -104,6 +104,7 @@
 "**/qs": "^6.11.0",
 "**/semver": "^7.5.3",
 "**/set-value": "^4.1.0",
+ "**/tar":"^6.2.1",
 "**/topo/hoek": "npm:@amoo-miki/hoek@6.1.3",
 "**/trim": "^0.0.3",
 "**/typescript": "4.0.2",
diff --git a/yarn.lock b/yarn.lock
index 832c2497adb5..7c0641bd2181 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -12665,6 +12665,11 @@ minipass@^4.0.0: resolved "https://registry.yarnpkg.com/minipass/-/minipass-4.2.8.tgz#f0010f64393ecfc1d1ccb5f582bcaf45f48e1a3a" integrity sha512-fNzuVyifolSLFL4NzpF+wEF4qrgqaaKX0haXPQEdQ7NKAN+WecoKMHV09YcuL/DHxrUsYQOK3MiuDf7Ip2OXfQ== +minipass@^5.0.0: + version "5.0.0" + resolved "https://registry.yarnpkg.com/minipass/-/minipass-5.0.0.tgz#3e9788ffb90b694a5d0ec94479a45b5d8738133d" + integrity sha512-3FnjYuehv9k6ovOEbyOswadCDPX1piCfhV8ncmYtHOjuPwylVWsghTLo7rabjC3Rx5xD4HDx8Wm1xnMF7S5qFQ== + minizlib@^2.1.1: version "2.1.2" resolved "https://registry.yarnpkg.com/minizlib/-/minizlib-2.1.2.tgz#e90d3466ba209b932451508a11ce3d3632145931" @@ -16821,26 +16826,14 @@ tar-stream@^2.1.4, tar-stream@^2.2.0: inherits "^2.0.3" readable-stream "^3.1.1" -tar@6.1.11: - version "6.1.11" - resolved "https://registry.yarnpkg.com/tar/-/tar-6.1.11.tgz#6760a38f003afa1b2ffd0ffe9e9abbd0eab3d621" - integrity sha512-an/KZQzQUkZCkuoAA64hM92X0Urb6VpRhAFllDzz44U2mcD5scmT3zBc4VgVpkugF580+DQn8eAFSyoQt0tznA== - dependencies: - chownr "^2.0.0" - fs-minipass "^2.0.0" - minipass "^3.0.0" - minizlib "^2.1.1" - mkdirp "^1.0.3" - yallist "^4.0.0" - -tar@^6.0.2, tar@^6.1.11: - version "6.1.13" - resolved "https://registry.yarnpkg.com/tar/-/tar-6.1.13.tgz#46e22529000f612180601a6fe0680e7da508847b" - integrity sha512-jdIBIN6LTIe2jqzay/2vtYLlBHa3JF42ot3h1dW8Q0PaAG4v8rm0cvpVePtau5C6OKXGGcgO9q2AMNSWxiLqKw== +tar@6.1.11, tar@^6.0.2, tar@^6.1.11, tar@^6.2.1: + version "6.2.1" + resolved "https://registry.yarnpkg.com/tar/-/tar-6.2.1.tgz#717549c541bc3c2af15751bea94b1dd068d4b03a" + integrity sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A== dependencies: chownr "^2.0.0" fs-minipass "^2.0.0" - minipass "^4.0.0" + minipass "^5.0.0" minizlib "^2.1.1" mkdirp "^1.0.3" yallist "^4.0.0"