feat(core): Upgrade Rudderstack SDK to address CVE-2023-45857 #8368
Conversation
This helps remove some of the older versions of transient dependencies, like axios 0.x and ioredis 4.x.
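An added check (example code, not from the PR or from n8n) that verifies the claim above against a package-lock.json (lockfileVersion 2 or 3): it lists every installed copy of a package, nested transitive copies included, and flags the ones below a minimum version. The sample lockfile, the `some-sdk` dependency and the ioredis floor of 5.0.0 are constructed for the example; the axios floor of 1.6.0 is the release that fixed CVE-2023-45857.

```javascript
// Added example, not n8n project code: audit a package-lock.json (lockfileVersion 2/3)
// for every installed copy of a dependency, including nested transitive copies under
// node_modules/<parent>/node_modules/<name>, and flag those older than a minimum version.

const MIN_VERSIONS = {
  // CVE-2023-45857 (XSRF-TOKEN leak to arbitrary origins) was fixed in axios 1.6.0.
  axios: '1.6.0',
  // Assumption for this example: the project wants only ioredis 5.x installed.
  ioredis: '5.0.0',
};

// Constructed sample lockfile: a hoisted, current axios, plus a stale nested axios 0.x
// and ioredis 4.x that a transitive dependency ("some-sdk", invented here) still pulls in.
const SAMPLE_LOCKFILE = JSON.stringify({
  name: 'sample-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'sample-app', dependencies: { axios: '^1.6.0', 'some-sdk': '^2.0.0' } },
    'node_modules/axios': { version: '1.6.2' },
    'node_modules/some-sdk': {
      version: '2.0.0',
      dependencies: { axios: '^0.21.0', ioredis: '^4.0.0' },
    },
    'node_modules/some-sdk/node_modules/axios': { version: '0.21.4' },
    'node_modules/some-sdk/node_modules/ioredis': { version: '4.28.5' },
  },
});

// Parse "MAJOR.MINOR.PATCH[...]" into three numbers. Pre-release tags are ignored,
// which is conservative enough for a lockfile audit (1.6.0-beta compares as 1.6.0).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Comparator: negative if a < b, zero if equal, positive if a > b.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Every installed copy of `name`. Lockfile "packages" keys are node_modules paths, so
// the package name is whatever follows the last "node_modules/" segment; this also
// handles scoped packages such as @scope/name because the split is on the prefix.
function findInstalledVersions(lockJson, name) {
  const lock = JSON.parse(lockJson);
  const results = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === '') continue; // root project entry, not a dependency
    const idx = path.lastIndexOf('node_modules/');
    if (idx === -1) continue;
    const pkgName = path.slice(idx + 'node_modules/'.length);
    if (pkgName === name && meta.version) {
      results.push({ path, version: meta.version });
    }
  }
  return results;
}

// Return every installed copy of a tracked package that is below its minimum version.
function auditLockfile(lockJson, minVersions = MIN_VERSIONS) {
  const findings = [];
  for (const [name, minimum] of Object.entries(minVersions)) {
    for (const entry of findInstalledVersions(lockJson, name)) {
      if (compareVersions(entry.version, minimum) < 0) {
        findings.push({ name, minimum, ...entry });
      }
    }
  }
  return findings;
}

// Usage on the constructed lockfile; for a real project read package-lock.json from disk.
const sampleFindings = auditLockfile(SAMPLE_LOCKFILE);
for (const f of sampleFindings) {
  console.log(`${f.name}@${f.version} at ${f.path} is below the required ${f.minimum}`);
}
```

On a real tree, feed it `fs.readFileSync('package-lock.json', 'utf8')` and treat any finding as a blocker: a hoisted axios 1.6.x at the top level says nothing about an older copy nested under an SDK, which is exactly the case an upgrade like this one is meant to remove.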
axiosInstance,
logLevel,
dataPlaneUrl,
gzip: false,
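Review bot: the `gzip: false` option is a deliberate compatibility workaround rather than a default worth keeping, so it should carry an inline code comment stating the constraint (the review discussion explains that data planes older than 1.4 return 500s on gzipped payloads) and a note to re-enable compression once the data plane is upgraded; without that, the next cleanup is likely to drop the line and start gzipping telemetry unintentionally.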
Unless we upgrade the dataplane to version 1.4 or above, gzipped payloads will cause 500s.
Since we haven't been gzipping telemetry payloads so far, this is not a blocker.
I saw this CVE but was afraid I could not properly test Rudderstack's SDK, so I did not touch it. Can we certify that, since this is a major version upgrade, things are still working? Feel free to disregard if you've gone through this already.
1 flaky test on run #3938
Details:
cypress/e2e/5-ndv.cy.ts • 1 flaky test
Review all test suite changes for PR #8368
✅ All Cypress E2E specs passed
Got released with
This needs some thorough testing before we can merge this.
Review / Merge checklist