Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor(dependencies): axios to 1.7.4 #2861

Merged
merged 1 commit into from
Aug 15, 2024
Merged

refactor(dependencies): axios to 1.7.4 #2861

merged 1 commit into from
Aug 15, 2024

Conversation

golobitch
Copy link
Collaborator

Our builds are failing due to Trivy scanner. Trivy scanner actually found that our Axios version v1.6.8 has a vulnerability - CVE-2024-39338. This was fixed in version 1.7.4, hence, the upgrade.

fix #2860

Changes proposed in this pull request

  • Upgrade axios

Context

fixes #2860

Checklist

  • Related issues linked using fixes #number
  • Tests added/updated
  • Documentation added
  • Make sure that all checks pass
  • Bruno collection updated

@netlify Netlify
Copy link

netlify bot commented Aug 14, 2024
edited
Loading

Deploy Preview for brilliant-pasca-3e80ec canceled.

Name Link
🔨 Latest commit af7aa5e
🔍 Latest deploy log https://app.netlify.com/sites/brilliant-pasca-3e80ec/deploys/66bd1f95652d110008430a55

@github-actions github-actions bot added pkg: backend Changes in the backend package. pkg: frontend Changes in the frontend package. pkg: auth Changes in the GNAP auth package. labels Aug 14, 2024
@golobitch
refactor(dependencies): axios to 1.7.4
af7aa5e 
Our builds are failing due to Trivy scanner. Trivy scanner actually found that our Axios version
v1.6.8 has a vulnerability - CVE-2024-39338. This was fixed in version 1.7.4, hence, the upgrade.

fix #2860
@golobitch golobitch self-assigned this Aug 14, 2024
BlairCurrey
BlairCurrey approved these changes Aug 15, 2024
View reviewed changes
Copy link
Contributor

@BlairCurrey BlairCurrey left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder why renovate bot didntbump this... looks like there were plenty of releases over the past ~6 months since 1.6.8 came out.

https://github.com/interledger/rafiki/pulls?q=is%3Apr+author%3Aapp%2Frenovate++axios

@sabineschaller sabineschaller merged commit a2c44a5 into main Aug 15, 2024
42 checks passed
@sabineschaller sabineschaller deleted the feature/axios-upgrade branch August 15, 2024 07:18
sabineschaller pushed a commit that referenced this pull request Aug 15, 2024
@golobitch @sabineschaller
refactor(dependencies): axios to 1.7.4 (#2861)
31bf57c 
Our builds are failing due to Trivy scanner. Trivy scanner actually found that our Axios version
v1.6.8 has a vulnerability - CVE-2024-39338. This was fixed in version 1.7.4, hence, the upgrade.

fix #2860
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@BlairCurrey BlairCurrey BlairCurrey approved these changes

Assignees

@golobitch golobitch

Labels
pkg: auth Changes in the GNAP auth package. pkg: backend Changes in the backend package. pkg: frontend Changes in the frontend package.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[BUG] CVE-2024-39338
3 participants
@golobitch @BlairCurrey @sabineschaller