From 8711b537dc9bd600d81c72907b3360c1b8477d5d Mon Sep 17 00:00:00 2001 From: Konstantinos Kopanidis Date: Mon, 8 Jan 2024 10:36:04 +0200 Subject: [PATCH] [Snyk] Security upgrade axios from 1.6.3 to 1.6.4 (#877) * fix: modules/forms/package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AXIOS-6144788 * chore: yarn.lock update --------- Co-authored-by: snyk-bot --- modules/authentication/package.json | 2 +- modules/forms/package.json | 2 +- modules/router/package.json | 2 +- yarn.lock | 15 ++++++++++----- 4 files changed, 13 insertions(+), 8 deletions(-) diff --git a/modules/authentication/package.json b/modules/authentication/package.json index 2c6d9650a..6cf208e5e 100644 --- a/modules/authentication/package.json +++ b/modules/authentication/package.json @@ -32,7 +32,7 @@ "@conduitplatform/node-2fa": "^1.0.0", "@grpc/grpc-js": "^1.9.7", "@grpc/proto-loader": "^0.7.6", - "axios": "^1.6.3", + "axios": "^1.6.4", "bcrypt": "^5.1.1", "convict": "^6.2.4", "crypto": "^1.0.1", diff --git a/modules/forms/package.json b/modules/forms/package.json index 637acd04b..6d6220125 100644 --- a/modules/forms/package.json +++ b/modules/forms/package.json @@ -29,7 +29,7 @@ "@conduitplatform/module-tools": "*", "@grpc/grpc-js": "^1.9.7", "@grpc/proto-loader": "^0.7.6", - "axios": "^1.6.3", + "axios": "^1.6.4", "convict": "^6.2.4", "escape-string-regexp": "^4.0.0", "lodash": "^4.17.21" diff --git a/modules/router/package.json b/modules/router/package.json index c010789c5..2e342cfb6 100644 --- a/modules/router/package.json +++ b/modules/router/package.json @@ -23,7 +23,7 @@ "@conduitplatform/hermes": "^1.0.1", "@grpc/grpc-js": "^1.9.7", "@grpc/proto-loader": "^0.7.6", - "axios": "^1.6.3", + "axios": "^1.6.4", "bcrypt": "^5.1.1", "cors": "^2.8.5", "deep-object-diff": "^1.1.9", diff --git a/yarn.lock b/yarn.lock index 633503f9b..a3c1c9fb9 100644 --- a/yarn.lock +++ b/yarn.lock @@ -4365,12 +4365,12 @@ axios@^1.6.0: form-data "^4.0.0" proxy-from-env "^1.1.0" -axios@^1.6.3: - version "1.6.3" - resolved "https://registry.yarnpkg.com/axios/-/axios-1.6.3.tgz#7f50f23b3aa246eff43c54834272346c396613f4" - integrity sha512-fWyNdeawGam70jXSVlKl+SUNVcL6j6W79CuSIPfi6HnDUmSCH6gyUys/HrqHeA/wU0Az41rRgean494d0Jb+ww== +axios@^1.6.4: + version "1.6.5" + resolved "https://registry.yarnpkg.com/axios/-/axios-1.6.5.tgz#2c090da14aeeab3770ad30c3a1461bc970fb0cd8" + integrity sha512-Ii012v05KEVuUoFWmMW/UQv9aRIc3ZwkWDcM+h5Il8izZCtRVpDUfwpoFf7eOtajT3QiGR4yDUx7lPqHJULgbg== dependencies: - follow-redirects "^1.15.0" + follow-redirects "^1.15.4" form-data "^4.0.0" proxy-from-env "^1.1.0" @@ -6631,6 +6631,11 @@ follow-redirects@^1.0.0, follow-redirects@^1.15.0: resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.2.tgz#b460864144ba63f2681096f274c4e57026da2c13" integrity sha512-VQLG33o04KaQ8uYi2tVNbdrWp1QWxNNea+nmIB4EVM28v0hmP17z7aG1+wAkNzVq4KeXTq3221ye5qTJP91JwA== +follow-redirects@^1.15.4: + version "1.15.4" + resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.4.tgz#cdc7d308bf6493126b17ea2191ea0ccf3e535adf" + integrity sha512-Cr4D/5wlrb0z9dgERpUL3LrmPKVDsETIJhaCMeDfuFYcqa5bldGV6wBsAN6X/vxlXQtFBMrXdXxdL8CbDTGniw== + foreground-child@^3.1.0: version "3.1.1" resolved "https://registry.yarnpkg.com/foreground-child/-/foreground-child-3.1.1.tgz#1d173e776d75d2772fed08efe4a0de1ea1b12d0d"