refactor(dependencies): axios to 1.7.4

Our builds are failing due to Trivy scanner. Trivy scanner actually found that our Axios version v1.6.8 has a vulnerability - CVE-2024-39338. This was fixed in version 1.7.4, hence, the upgrade. fix #2860
interledger · Aug 14, 2024 · af7aa5e · af7aa5e
1 parent 5e81fc1
commit af7aa5e
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 17 deletions.
diff --git a/packages/auth/package.json b/packages/auth/package.json
@@ -35,7 +35,7 @@
     "@koa/cors": "^5.0.0",
     "@koa/router": "^12.0.0",
     "ajv": "^8.12.0",
-    "axios": "^1.6.8",
+    "axios": "^1.7.4",
     "dotenv": "^16.4.5",
     "graphql": "^16.8.1",
     "ioredis": "^5.3.2",

diff --git a/packages/backend/package.json b/packages/backend/package.json
@@ -75,7 +75,7 @@
     "@opentelemetry/sdk-node": "^0.52.1",
     "@opentelemetry/sdk-trace-node": "^1.25.1",
     "ajv": "^8.12.0",
-    "axios": "1.6.8",
+    "axios": "1.7.4",
     "base64url": "^3.0.1",
     "dotenv": "^16.4.5",
     "extensible-error": "^1.0.2",

diff --git a/packages/frontend/package.json b/packages/frontend/package.json
@@ -20,7 +20,7 @@
     "@remix-run/node": "^2.6.0",
     "@remix-run/react": "^2.6.0",
     "@remix-run/serve": "^2.6.0",
-    "axios": "^1.6.5",
+    "axios": "^1.7.4",
     "class-variance-authority": "^0.7.0",
     "graphql": "^16.8.1",
     "ilp-packet": "3.1.4-alpha.2",

diff --git a/packages/token-introspection/package.json b/packages/token-introspection/package.json
@@ -27,7 +27,7 @@
   "dependencies": {
     "@interledger/open-payments": "6.11.1",
     "@interledger/openapi": "2.0.1",
-    "axios": "^1.6.8",
+    "axios": "^1.7.4",
     "pino": "^8.19.0"
   }
 }
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml