From 766e49a5f5ab2e608f4a8fcb2cc3a0b5e68c2136 Mon Sep 17 00:00:00 2001 From: Konstantinos Kopanidis Date: Fri, 27 Oct 2023 20:02:38 +0300 Subject: [PATCH] [Snyk] Security upgrade axios from 1.5.1 to 1.6.0 (#774) * fix: modules/authentication/package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AXIOS-6032459 * chore: update yarn.lock --------- Co-authored-by: snyk-bot --- modules/authentication/package.json | 2 +- modules/authorization/package.json | 2 +- modules/forms/package.json | 2 +- modules/functions/package.json | 2 +- modules/router/package.json | 2 +- yarn.lock | 11 ++++++++++- 6 files changed, 15 insertions(+), 6 deletions(-) diff --git a/modules/authentication/package.json b/modules/authentication/package.json index 59468b217..8aab20f9a 100644 --- a/modules/authentication/package.json +++ b/modules/authentication/package.json @@ -32,7 +32,7 @@ "@conduitplatform/node-2fa": "^1.0.0", "@grpc/grpc-js": "^1.9.7", "@grpc/proto-loader": "^0.7.6", - "axios": "^1.5.1", + "axios": "^1.6.0", "bcrypt": "^5.1.1", "convict": "^6.2.4", "crypto": "^1.0.1", diff --git a/modules/authorization/package.json b/modules/authorization/package.json index e5fb145c2..f3531474e 100644 --- a/modules/authorization/package.json +++ b/modules/authorization/package.json @@ -31,7 +31,7 @@ "@conduitplatform/module-tools": "*", "@grpc/grpc-js": "^1.9.7", "@grpc/proto-loader": "^0.7.6", - "axios": "^1.5.1", + "axios": "^1.6.0", "bcrypt": "^5.1.1", "convict": "^6.2.4", "escape-string-regexp": "^4.0.0", diff --git a/modules/forms/package.json b/modules/forms/package.json index ddb32e922..0dd034d1c 100644 --- a/modules/forms/package.json +++ b/modules/forms/package.json @@ -29,7 +29,7 @@ "@conduitplatform/module-tools": "*", "@grpc/grpc-js": "^1.9.7", "@grpc/proto-loader": "^0.7.6", - "axios": "^1.5.1", + "axios": "^1.6.0", "convict": "^6.2.4", "escape-string-regexp": "^4.0.0", "lodash": "^4.17.21" diff --git a/modules/functions/package.json b/modules/functions/package.json index c7a02bf1d..7cf53cfc6 100644 --- a/modules/functions/package.json +++ b/modules/functions/package.json @@ -30,7 +30,7 @@ "@conduitplatform/module-tools": "*", "@grpc/grpc-js": "^1.9.7", "@grpc/proto-loader": "^0.7.6", - "axios": "^1.5.1", + "axios": "^1.6.0", "escape-string-regexp": "^4.0.0", "convict": "^6.2.4", "lodash": "^4.17.21", diff --git a/modules/router/package.json b/modules/router/package.json index 05f5937aa..f5bc69c31 100644 --- a/modules/router/package.json +++ b/modules/router/package.json @@ -23,7 +23,7 @@ "@conduitplatform/hermes": "^1.0.1", "@grpc/grpc-js": "^1.9.7", "@grpc/proto-loader": "^0.7.6", - "axios": "^1.5.1", + "axios": "^1.6.0", "bcrypt": "^5.1.1", "cors": "^2.8.5", "deep-object-diff": "^1.1.9", diff --git a/yarn.lock b/yarn.lock index e2c9d8fdb..d577a9b2a 100644 --- a/yarn.lock +++ b/yarn.lock @@ -4720,7 +4720,7 @@ axios@^0.26.0, axios@^0.26.1: dependencies: follow-redirects "^1.14.8" -axios@^1.0.0, axios@^1.3.3, axios@^1.5.1: +axios@^1.0.0, axios@^1.3.3: version "1.5.1" resolved "https://registry.yarnpkg.com/axios/-/axios-1.5.1.tgz#11fbaa11fc35f431193a9564109c88c1f27b585f" integrity sha512-Q28iYCWzNHjAm+yEAot5QaAMxhMghWLFVf7rRdwhUI+c2jix2DUXjAHXVi+s1ibs3mjPO/cCgbA++3BjD0vP/A== @@ -4729,6 +4729,15 @@ axios@^1.0.0, axios@^1.3.3, axios@^1.5.1: form-data "^4.0.0" proxy-from-env "^1.1.0" +axios@^1.6.0: + version "1.6.0" + resolved "https://registry.yarnpkg.com/axios/-/axios-1.6.0.tgz#f1e5292f26b2fd5c2e66876adc5b06cdbd7d2102" + integrity sha512-EZ1DYihju9pwVB+jg67ogm+Tmqc6JmhamRN6I4Zt8DfZu5lbcQGw3ozH9lFejSJgs/ibaef3A9PMXPLeefFGJg== + dependencies: + follow-redirects "^1.15.0" + form-data "^4.0.0" + proxy-from-env "^1.1.0" + babel-core@^7.0.0-bridge.0: version "7.0.0-bridge.0" resolved "https://registry.yarnpkg.com/babel-core/-/babel-core-7.0.0-bridge.0.tgz#95a492ddd90f9b4e9a4a1da14eb335b87b634ece"