From af7aa5eb45d68f56b2cd2d6e11b3bf0cda0f5c94 Mon Sep 17 00:00:00 2001
From: golobitch
Date: Wed, 14 Aug 2024 23:14:01 +0200
Subject: [PATCH] refactor(dependencies): axios to 1.7.4

Our builds are failing due to Trivy scanner. Trivy scanner actually found that our Axios version v1.6.8 has a vulnerability - CVE-2024-39338. This was fixed in version 1.7.4, hence, the upgrade. fix #2860
---
 packages/auth/package.json | 2 +-
 packages/backend/package.json | 2 +-
 packages/frontend/package.json | 2 +-
 packages/token-introspection/package.json | 2 +-
 pnpm-lock.yaml | 36 +++++++++++++++--------
 5 files changed, 27 insertions(+), 17 deletions(-)

diff --git a/packages/auth/package.json b/packages/auth/package.json
index 88c87cc5eb..f12a74ea86 100644
--- a/packages/auth/package.json
+++ b/packages/auth/package.json
@@ -35,7 +35,7 @@
 "@koa/cors": "^5.0.0",
 "@koa/router": "^12.0.0",
 "ajv": "^8.12.0",
- "axios": "^1.6.8",
+ "axios": "^1.7.4",
 "dotenv": "^16.4.5",
 "graphql": "^16.8.1",
 "ioredis": "^5.3.2",
diff --git a/packages/backend/package.json b/packages/backend/package.json
index cfc473b1c0..45f0a69fcd 100644
--- a/packages/backend/package.json
+++ b/packages/backend/package.json
@@ -75,7 +75,7 @@
 "@opentelemetry/sdk-node": "^0.52.1",
 "@opentelemetry/sdk-trace-node": "^1.25.1",
 "ajv": "^8.12.0",
- "axios": "1.6.8",
+ "axios": "1.7.4",
 "base64url": "^3.0.1",
 "dotenv": "^16.4.5",
 "extensible-error": "^1.0.2",
diff --git a/packages/frontend/package.json b/packages/frontend/package.json
index fb5eeb4497..c7a77bdbce 100644
--- a/packages/frontend/package.json
+++ b/packages/frontend/package.json
@@ -20,7 +20,7 @@
 "@remix-run/node": "^2.6.0",
 "@remix-run/react": "^2.6.0",
 "@remix-run/serve": "^2.6.0",
- "axios": "^1.6.5",
+ "axios": "^1.7.4",
 "class-variance-authority": "^0.7.0",
 "graphql": "^16.8.1",
 "ilp-packet": "3.1.4-alpha.2",
diff --git a/packages/token-introspection/package.json b/packages/token-introspection/package.json
index 88cd555ed0..bba8ec2d7e 100644
--- a/packages/token-introspection/package.json
+++ b/packages/token-introspection/package.json
@@ -27,7 +27,7 @@
 "dependencies": {
 "@interledger/open-payments": "6.11.1",
 "@interledger/openapi": "2.0.1",
- "axios": "^1.6.8",
+ "axios": "^1.7.4",
 "pino": "^8.19.0"
 }
 }
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 29cbb43843..faac6f3ba0 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -107,7 +107,7 @@ importers: version: 9.0.8 axios: specifier: ^1.6.8 - version: 1.6.8(debug@4.3.2) + version: 1.6.8 class-variance-authority: specifier: ^0.7.0 version: 0.7.0 @@ -200,8 +200,8 @@ importers: specifier: ^8.12.0 version: 8.12.0 axios: - specifier: ^1.6.8 - version: 1.6.8(debug@4.3.2) + specifier: ^1.7.4 + version: 1.7.4(debug@4.3.2) dotenv: specifier: ^16.4.5 version: 16.4.5 @@ -393,8 +393,8 @@ importers: specifier: ^8.12.0 version: 8.12.0 axios: - specifier: 1.6.8 - version: 1.6.8(debug@4.3.2) + specifier: 1.7.4 + version: 1.7.4(debug@4.3.2) base64url: specifier: ^3.0.1 version: 3.0.1 @@ -607,8 +607,8 @@ importers: specifier: ^2.6.0 version: 2.6.0(typescript@5.4.3) axios: - specifier: ^1.6.5 - version: 1.6.8(debug@4.3.2) + specifier: ^1.7.4 + version: 1.7.4(debug@4.3.2) class-variance-authority: specifier: ^0.7.0 version: 0.7.0 @@ -729,8 +729,8 @@ importers: specifier: 2.0.1 version: 2.0.1 axios: - specifier: ^1.6.8 - version: 1.6.8(debug@4.3.2) + specifier: ^1.7.4 + version: 1.7.4(debug@4.3.2) pino: specifier: ^8.19.0 version: 8.19.0 @@ -5608,7 +5608,7 @@ packages: /@ory/client@1.9.0: resolution: {integrity: sha512-O4a1ijgJtMNIA+ZmWUmCodxX13ID72hOaCB0b9FQGQBzuFgF2x/Yq5D43nrMYZaDtvDvja8J1XIXhUkjz1TDOw==} dependencies: - axios: 1.6.8(debug@4.3.2) + axios: 1.7.4(debug@4.3.2) transitivePeerDependencies: - debug dev: false
@@ -8018,7 +8018,7 @@ packages: engines: {node: '>=4'} dev: true - /axios@1.6.8(debug@4.3.2): + /axios@1.6.8: resolution: {integrity: sha512-v/ZHtJDU39mDpyBoFVkETcd/uNdxrWRrg3bKpOKzXFA6Bvqopts6ALSMU3y6ijYxbw2B+wPrIv46egTzJXCLGQ==} dependencies: follow-redirects: 1.15.6(debug@4.3.2) @@ -8026,6 +8026,16 @@ packages: proxy-from-env: 1.1.0 transitivePeerDependencies: - debug + dev: false + + /axios@1.7.4(debug@4.3.2): + resolution: {integrity: sha512-DukmaFRnY6AzAALSH4J2M3k6PkaC+MfaAGdEERRWcC9q3/TWQwLpHR8ZRLKTdQ3aBDL64EdluRDjJqKw+BPZEw==} + dependencies: + follow-redirects: 1.15.6(debug@4.3.2) + form-data: 4.0.0 + proxy-from-env: 1.1.0 + transitivePeerDependencies: + - debug /axobject-query@3.2.1: resolution: {integrity: sha512-jsyHu61e6N4Vbz/v18DHwWYKK0bSWLqn47eeDSKPB7m8tqMHF9YJ+mhIk2lVteyZrY8tnSj/jHOv4YiTCuCJgg==} @@ -13377,7 +13387,7 @@ packages: engines: {node: '>=8.3.0'} hasBin: true dependencies: - axios: 1.6.8(debug@4.3.2) + axios: 1.7.4(debug@4.3.2) debug: 4.3.2 openurl: 1.1.1 yargs: 17.1.1 @@ -15306,7 +15316,7 @@ packages: dependencies: '@types/request': 2.48.8 '@types/superagent': 4.1.15 - axios: 1.6.8(debug@4.3.2) + axios: 1.7.4(debug@4.3.2) combos: 0.2.0 fs-extra: 9.1.0 js-yaml: 4.1.0
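Review bot: The lockfile still resolves axios 1.6.8 after this patch: the `@@ -8018,7 +8018,7 @@` hunk keeps a `/axios@1.6.8` package entry (the hunk after it marks that entry `dev: false`), and in the `@@ -107,7 +107,7 @@` hunk one importer still has `specifier: ^1.6.8` with `version: 1.6.8`. That importer's package.json is not among the five files changed here, so a scanner that reads pnpm-lock.yaml would presumably keep reporting CVE-2024-39338 for it. Raise that package's range to `^1.7.4` as well and regenerate the lockfile, then confirm that no `/axios@1.6.8` entry is left before treating the finding as closed.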