refactor(dependencies): axios to 1.7.4 #2861

Merged
merged 1 commit into from
Aug 15, 2024

golobitch
Collaborator

Our builds are failing due to Trivy scanner. Trivy scanner actually found that our Axios version v1.6.8 has a vulnerability - CVE-2024-39338. This was fixed in version 1.7.4, hence, the upgrade.

fix #2860

Changes proposed in this pull request

  • Upgrade axios

Context

fixes #2860

Checklist

  • Related issues linked using fixes #number
  • Tests added/updated
  • Documentation added
  • Make sure that all checks pass
  • Bruno collection updated

netlify bot commented Aug 14, 2024

Deploy Preview for brilliant-pasca-3e80ec canceled.

Name Link
🔨 Latest commit af7aa5e
🔍 Latest deploy log https://app.netlify.com/sites/brilliant-pasca-3e80ec/deploys/66bd1f95652d110008430a55

@github-actions github-actions bot added pkg: backend Changes in the backend package. pkg: frontend Changes in the frontend package. pkg: auth Changes in the GNAP auth package. labels Aug 14, 2024
@golobitch golobitch force-pushed the feature/axios-upgrade branch from 6b63a8e to af7aa5e Compare August 14, 2024 21:20
@golobitch golobitch requested a review from BlairCurrey August 14, 2024 21:29
@golobitch golobitch self-assigned this Aug 14, 2024
Contributor

@BlairCurrey BlairCurrey left a comment

I wonder why renovate bot didn't bump this... looks like there were plenty of releases over the past ~6 months since 1.6.8 came out.

https://github.com/interledger/rafiki/pulls?q=is%3Apr+author%3Aapp%2Frenovate++axios

@sabineschaller sabineschaller merged commit a2c44a5 into main Aug 15, 2024
42 checks passed
@sabineschaller sabineschaller deleted the feature/axios-upgrade branch August 15, 2024 07:18
sabineschaller pushed a commit that referenced this pull request Aug 15, 2024
oana-lolea added a commit that referenced this pull request Jan 14, 2025
* feat(backend): make keys unique

* fix: only make keys unique per wallet address

* fix(frontend): It is ambiguous on what scale is the withdrawal and deposit input (#2817)

* fix(frontend): asset scale consistency in liquidity dialogs.

* Ensure asset scale consistency when displaying and withdrawing liquidity by adding asset info to the liquidity dialog component and updating the input handling in Rafiki Admin UI.
---------

Co-authored-by: Blair Currey <12960453+BlairCurrey@users.noreply.github.com>

* chore: sync docs and readmes (#2830)

* fix: getting the localenv docs and readme in sync

* chore: updated MASE screenshots

* chore: updating the code block language identifier to have consistent approach through the docs

* chore(deps): update dependency @apollo/client to ^3.11.2 (#2822)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* feat(frontend): ux improvements to liquidity dialog component (#2839)

* fixed(frontend) asset page now retains page scroll position.

* feat(frontend) added autofocus to liquidity dialog input

* feat(frontend) made eslint happy

* feat(docker): switch to alpine3.19 (#2842)

* feat(auth): build with alpine3.19

* feat(backend): build with alpine3.19

* feat(frontend): build with alpine3.19

* bump(localenv): docker image to alpine 3.19

* fix(auth): interact redirect (#2832)

* fix(auth): interact redirect

* fix(auth): session cookie not expiring in browser

* fix(auth): session expiration time unit

---------

Co-authored-by: Blair Currey <12960453+BlairCurrey@users.noreply.github.com>

* feat(interaction): return grantId (#2843)

* feat(auth): return grantId for the grant lookup via interaction id

* test(auth): check grantId is returned for grant lookup via interaction id

* docs(openapi): auth return grantId for grant lookup via interaction id

* feat(outgoing-payment): add grantId to admin api (#2841)

* feat(backend): support for returning grantId when querying outgoing payment

When querying outgoing payment, either single one, or list of them via pagination, etc., it will be
possible to also get a grantId under which the outgoing

* test(outgoing-payment): check if grantId is returned

* docs(bruno): include grantId when fetching outgoing payment

* feat(auth): soft delete access tokens and grant accesses (#2837)

* feat(auth): set session expiry based on interaction expiry env (#2851)

* feat(localenv): span metrics generation (#2849)

* feat(localenv): add span metric generation

- adds configuration that generates span metrics from tempo traces
- can see new `traces_spanmetrics_bucket` etc. in local grafana dashboard

* feat(localenv): add gql resolver metric

* chore(localenv): give panel title

* chore(deps): update dependency @types/node to ^20.14.15 (#2838)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* chore(deps): update dependency @apollo/client to ^3.11.4 (#2845)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* feat(2737): add fees as metric for outgoing payment. (#2831)

* feat(2737): add fees as metric for outgoing payment.

* feat(2737): rename to payment_fees.

* feat(2737): test case updates.

* feat(2737): formatting.

* feat(2737): re-order test cases. Move fee collector.

* feat(2737): dashboard and doc updates.

* feat(2737): merged with main.

* feat(2737): review feedback applied from @JoblersTune.

* feat(2737): review feedback applied from @mkurapov.

* feat(2737): additional tests for covert of assets and rates.

* feat(2737): additional tests ensuring the increment counter was called.

* feat(2737): additional tests ensuring the increment counter was called.

* feat(2737): readme.

* refactor(dependencies): axios to 1.7.4 (#2861)

Our builds are failing due to Trivy scanner. Trivy scanner actually found that our Axios version
v1.6.8 has a vulnerability - CVE-2024-39338. This was fixed in version 1.7.4, hence, the upgrade.

fix #2860

* chore: add tests and better error handling

* chore: formatting

* fix: build

* fix: add camelcase quotes and make `up` async

* chore: keep latest version of key

* fix: formatting

* Added unrevoke wallet address key query resolver

* Updated migration and removed unrevoked resolver

* Checkstyle fix

* Updated walletAddressKey deletion migration, removed unnecessary test for walletAddressKey service

* Use ctid instead of createdAt to determine which rows are deleted

* Fixed typo

* Delete the least recent rows that have the same kid and are unrevoked

* Updated delete script

* Added revoked false back

* Delete only the active keys

---------

Co-authored-by: Emanuel Palestino <75344407+Emanuel-Palestino@users.noreply.github.com>
Co-authored-by: Blair Currey <12960453+BlairCurrey@users.noreply.github.com>
Co-authored-by: Sarah Jones <sarah38186@gmail.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Tadej Golobic <tadej@interledger.org>
Co-authored-by: Nathan Lie <lie4nathan@gmail.com>
Co-authored-by: Jason Bruwer <koekiebox@users.noreply.github.com>
Co-authored-by: Oana Lolea <oana.lolea@breakpointit.eu>
Successfully merging this pull request may close these issues.

[BUG] CVE-2024-39338