From e53279bd80c224fc12d73b961c8de763e44c5e41 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dafydd=20Ll=C5=B7r=20Pearson?= Date: Wed, 14 Aug 2024 08:48:58 +0100 Subject: [PATCH] fix: CVE-2024-39338 --- api.planx.uk/package.json | 2 +- api.planx.uk/pnpm-lock.yaml | 10 +++++----- e2e/tests/api-driven/package.json | 2 +- e2e/tests/api-driven/pnpm-lock.yaml | 8 ++++---- e2e/tests/ui-driven/package.json | 2 +- e2e/tests/ui-driven/pnpm-lock.yaml | 8 ++++---- editor.planx.uk/package.json | 2 +- editor.planx.uk/pnpm-lock.yaml | 8 ++++---- 8 files changed, 21 insertions(+), 21 deletions(-) diff --git a/api.planx.uk/package.json b/api.planx.uk/package.json index 8a784bcd05..0f67f94765 100644 --- a/api.planx.uk/package.json +++ b/api.planx.uk/package.json @@ -15,7 +15,7 @@ "@types/isomorphic-fetch": "^0.0.36", "adm-zip": "^0.5.10", "aws-sdk": "^2.1467.0", - "axios": "^1.7.2", + "axios": "^1.7.4", "body-parser": "^1.20.2", "cookie-parser": "^1.4.6", "cookie-session": "^2.1.0", diff --git a/api.planx.uk/pnpm-lock.yaml b/api.planx.uk/pnpm-lock.yaml index aee3b77fe0..259dbd4511 100644 --- a/api.planx.uk/pnpm-lock.yaml +++ b/api.planx.uk/pnpm-lock.yaml @@ -26,8 +26,8 @@ dependencies: specifier: ^2.1467.0 version: 2.1467.0 axios: - specifier: ^1.7.2 - version: 1.7.2 + specifier: ^1.7.4 + version: 1.7.4 body-parser: specifier: ^1.20.2 version: 1.20.2 @@ -2715,8 +2715,8 @@ packages: xml2js: 0.5.0 dev: false - /axios@1.7.2: - resolution: {integrity: sha512-2A8QhOMrbomlDuiLeK9XibIBzuHeRcqqNOHp0Cyp5EoJ1IFDh+XZH3A6BkXtv0K4gFGCI0Y4BM7B1wOEi0Rmgw==} + /axios@1.7.4: + resolution: {integrity: sha512-DukmaFRnY6AzAALSH4J2M3k6PkaC+MfaAGdEERRWcC9q3/TWQwLpHR8ZRLKTdQ3aBDL64EdluRDjJqKw+BPZEw==} dependencies: follow-redirects: 1.15.6 form-data: 4.0.0 @@ -6411,7 +6411,7 @@ packages: resolution: {integrity: sha512-XGmW2f2CroEwIUrPaTyShpF8pLlu79rBnwWns1uPGs27LbZdzNPJF1BzPl3cG3Tsu3nVlaWeXJJYAE+ALryalA==} engines: {node: '>=14.17.3', npm: '>=6.14.13'} dependencies: - axios: 1.7.2 + axios: 1.7.4 jsonwebtoken: 9.0.2 transitivePeerDependencies: - debug diff --git a/e2e/tests/api-driven/package.json b/e2e/tests/api-driven/package.json index bf25983ca6..335af1a7d4 100644 --- a/e2e/tests/api-driven/package.json +++ b/e2e/tests/api-driven/package.json @@ -8,7 +8,7 @@ "dependencies": { "@cucumber/cucumber": "^9.3.0", "@opensystemslab/planx-core": "git+https://github.com/theopensystemslab/planx-core#6b2fd26", - "axios": "^1.7.2", + "axios": "^1.7.4", "dotenv": "^16.3.1", "dotenv-expand": "^10.0.0", "graphql": "^16.8.1", diff --git a/e2e/tests/api-driven/pnpm-lock.yaml b/e2e/tests/api-driven/pnpm-lock.yaml index 3d575213b9..52ac83ad85 100644 --- a/e2e/tests/api-driven/pnpm-lock.yaml +++ b/e2e/tests/api-driven/pnpm-lock.yaml @@ -12,8 +12,8 @@ dependencies: specifier: git+https://github.com/theopensystemslab/planx-core#6b2fd26 version: github.com/theopensystemslab/planx-core/6b2fd26 axios: - specifier: ^1.7.2 - version: 1.7.2 + specifier: ^1.7.4 + version: 1.7.4 dotenv: specifier: ^16.3.1 version: 16.3.1 @@ -965,8 +965,8 @@ packages: resolution: {integrity: sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==} dev: false - /axios@1.7.2: - resolution: {integrity: sha512-2A8QhOMrbomlDuiLeK9XibIBzuHeRcqqNOHp0Cyp5EoJ1IFDh+XZH3A6BkXtv0K4gFGCI0Y4BM7B1wOEi0Rmgw==} + /axios@1.7.4: + resolution: {integrity: sha512-DukmaFRnY6AzAALSH4J2M3k6PkaC+MfaAGdEERRWcC9q3/TWQwLpHR8ZRLKTdQ3aBDL64EdluRDjJqKw+BPZEw==} dependencies: follow-redirects: 1.15.6 form-data: 4.0.0 diff --git a/e2e/tests/ui-driven/package.json b/e2e/tests/ui-driven/package.json index 909984ff47..672c1814d1 100644 --- a/e2e/tests/ui-driven/package.json +++ b/e2e/tests/ui-driven/package.json @@ -9,7 +9,7 @@ }, "dependencies": { "@opensystemslab/planx-core": "git+https://github.com/theopensystemslab/planx-core#6b2fd26", - "axios": "^1.7.2", + "axios": "^1.7.4", "dotenv": "^16.3.1", "eslint": "^8.56.0", "graphql": "^16.9.0", diff --git a/e2e/tests/ui-driven/pnpm-lock.yaml b/e2e/tests/ui-driven/pnpm-lock.yaml index 5cea18fa19..e9ba862e2a 100644 --- a/e2e/tests/ui-driven/pnpm-lock.yaml +++ b/e2e/tests/ui-driven/pnpm-lock.yaml @@ -9,8 +9,8 @@ dependencies: specifier: git+https://github.com/theopensystemslab/planx-core#6b2fd26 version: github.com/theopensystemslab/planx-core/6b2fd26 axios: - specifier: ^1.7.2 - version: 1.7.2 + specifier: ^1.7.4 + version: 1.7.4 dotenv: specifier: ^16.3.1 version: 16.3.1 @@ -788,8 +788,8 @@ packages: resolution: {integrity: sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==} dev: false - /axios@1.7.2: - resolution: {integrity: sha512-2A8QhOMrbomlDuiLeK9XibIBzuHeRcqqNOHp0Cyp5EoJ1IFDh+XZH3A6BkXtv0K4gFGCI0Y4BM7B1wOEi0Rmgw==} + /axios@1.7.4: + resolution: {integrity: sha512-DukmaFRnY6AzAALSH4J2M3k6PkaC+MfaAGdEERRWcC9q3/TWQwLpHR8ZRLKTdQ3aBDL64EdluRDjJqKw+BPZEw==} dependencies: follow-redirects: 1.15.6 form-data: 4.0.0 diff --git a/editor.planx.uk/package.json b/editor.planx.uk/package.json index 1c232cddff..3badeccddc 100644 --- a/editor.planx.uk/package.json +++ b/editor.planx.uk/package.json @@ -42,7 +42,7 @@ "@turf/buffer": "^7.0.0", "@turf/helpers": "^7.0.0", "array-move": "^4.0.0", - "axios": "^1.7.2", + "axios": "^1.7.4", "bowser": "^2.11.0", "camelcase-keys": "^9.0.0", "classnames": "^2.3.2", diff --git a/editor.planx.uk/pnpm-lock.yaml b/editor.planx.uk/pnpm-lock.yaml index 625e0b510a..f56a8a3f62 100644 --- a/editor.planx.uk/pnpm-lock.yaml +++ b/editor.planx.uk/pnpm-lock.yaml @@ -130,8 +130,8 @@ dependencies: specifier: ^4.0.0 version: 4.0.0 axios: - specifier: ^1.7.2 - version: 1.7.2 + specifier: ^1.7.4 + version: 1.7.4 bowser: specifier: ^2.11.0 version: 2.11.0 @@ -9676,8 +9676,8 @@ packages: resolution: {integrity: sha512-QbUdXJVTpvUTHU7871ppZkdOLBeGUKBQWHkHrvN2V9IQWGMt61zf3B45BtzjxEJzYuj0JBjBZP/hmYS/R9pmAw==} engines: {node: '>=4'} - /axios@1.7.2: - resolution: {integrity: sha512-2A8QhOMrbomlDuiLeK9XibIBzuHeRcqqNOHp0Cyp5EoJ1IFDh+XZH3A6BkXtv0K4gFGCI0Y4BM7B1wOEi0Rmgw==} + /axios@1.7.4: + resolution: {integrity: sha512-DukmaFRnY6AzAALSH4J2M3k6PkaC+MfaAGdEERRWcC9q3/TWQwLpHR8ZRLKTdQ3aBDL64EdluRDjJqKw+BPZEw==} dependencies: follow-redirects: 1.15.6 form-data: 4.0.0