refactor(dependencies): axios to 1.7.4 #2861

Merged
merged 1 commit into from
Aug 15, 2024

Conversation

golobitch
Collaborator

Our builds are failing due to Trivy scanner. Trivy scanner actually found that our Axios version v1.6.8 has a vulnerability - CVE-2024-39338. This was fixed in version 1.7.4, hence, the upgrade.

fix #2860

Changes proposed in this pull request

  • Upgrade axios

Context

fixes #2860

Checklist

  • Related issues linked using fixes #number
  • Tests added/updated
  • Documentation added
  • Make sure that all checks pass
  • Bruno collection updated


netlify bot commented Aug 14, 2024

Deploy Preview for brilliant-pasca-3e80ec canceled.

Name Link
🔨 Latest commit af7aa5e
🔍 Latest deploy log https://app.netlify.com/sites/brilliant-pasca-3e80ec/deploys/66bd1f95652d110008430a55

@github-actions github-actions bot added pkg: backend Changes in the backend package. pkg: frontend Changes in the frontend package. pkg: auth Changes in the GNAP auth package. labels Aug 14, 2024
Our builds are failing due to Trivy scanner. Trivy scanner actually found that our Axios version
v1.6.8 has a vulnerability - CVE-2024-39338. This was fixed in version 1.7.4, hence, the upgrade.

fix #2860
@golobitch golobitch force-pushed the feature/axios-upgrade branch from 6b63a8e to af7aa5e Compare August 14, 2024 21:20
@golobitch golobitch requested a review from BlairCurrey August 14, 2024 21:29
@golobitch golobitch self-assigned this Aug 14, 2024
Contributor

@BlairCurrey BlairCurrey left a comment

I wonder why renovate bot didn't bump this... looks like there were plenty of releases over the past ~6 months since 1.6.8 came out.

https://github.com/interledger/rafiki/pulls?q=is%3Apr+author%3Aapp%2Frenovate++axios

@sabineschaller sabineschaller merged commit a2c44a5 into main Aug 15, 2024
42 checks passed
@sabineschaller sabineschaller deleted the feature/axios-upgrade branch August 15, 2024 07:18
sabineschaller pushed a commit that referenced this pull request Aug 15, 2024
Development

Successfully merging this pull request may close these issues.

[BUG] CVE-2024-39338