Bump axios to 0.28.0

Signed-off-by: Miki <miki@amazon.com>

CHANGELOG.md

@@ -10,6 +10,8 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 
 ### 🛡 Security
 
+- [CVE-2023-45857] Bump `axios` from `0.27.2` to `0.28.0` ([#5470](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/5470))
+
 ### 📈 Features/Enhancements
 
 ### 🐛 Bug Fixes
@@ -37,7 +39,6 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - [WS-2021-0638] Bump mocha from `7.2.0` to `10.1.0` ([#2711](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2711))
 - Add support for TLS v1.3 ([#5133](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/5133))
 - [CVE-2023-45133] Bump all babel dependencies from `7.16.x` to `7.22.9` to fix upstream vulnerability ([#5428](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/5428))
-- [CVE-2023-45857] Bump `axios` from `0.27.2` to `1.6.1` ([#5470](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/5470))
 - [CVE-2023-26159] Bump `follow-redirects` from `1.15.2` to `1.15.4` ([#5669](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/5669))
 - [CVE-2020-8203] Bump `cheerio` from `0.22.0` to `1.0.0-rc.1` to fix vulnerable `lodash` dependency ([#5797](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/5797))
 

packages/osd-dev-utils/package.json

@@ -15,7 +15,7 @@
  "dependencies": {
  "@babel/core": "^7.22.9",
  "@osd/utils": "1.0.0",
- "axios": "^0.27.2",
+ "axios": "^0.28.0",
  "chalk": "^4.1.0",
  "cheerio": "1.0.0-rc.1",
  "dedent": "^0.7.0",

packages/osd-dev-utils/src/osd_client/osd_client_requester.ts

@@ -37,7 +37,7 @@ import { ToolingLog } from '../tooling_log';
 
 const isConcliftOnGetError = (error: any) => {
  return (
- isAxiosResponseError(error) && error.config.method === 'GET' && error.response.status === 409
+ isAxiosResponseError(error) && error.config?.method === 'GET' && error.response.status === 409
  );
 };
 

packages/osd-test/src/failed_tests_reporter/github_api.ts

@@ -233,6 +233,7 @@ export class GithubApi {
  const githubApiFailed = isAxiosResponseError(error) && error.response.status >= 500;
  const errorResponseLog =
  isAxiosResponseError(error) &&
+ error.config &&
  `[${error.config.method} ${error.config.url}] ${error.response.status} ${error.response.statusText} Error`;
 
  if ((unableToReachGithub || githubApiFailed) && attempt < maxAttempts) {

packages/osd-ui-shared-deps/package.json

@@ -16,7 +16,7 @@
  "@osd/i18n": "1.0.0",
  "@osd/monaco": "1.0.0",
  "abortcontroller-polyfill": "^1.4.0",
- "axios": "^0.27.2",
+ "axios": "^0.28.0",
  "compression-webpack-plugin": "npm:@amoo-miki/compression-webpack-plugin@4.0.1-rc.1",
  "core-js": "^3.6.5",
  "custom-event-polyfill": "^0.3.0",
@@ -51,4 +51,4 @@
  "val-loader": "^2.1.2",
  "webpack": "npm:@amoo-miki/webpack@4.46.0-rc.2"
  }
-}
+}

scripts/postinstall.js

@@ -85,6 +85,14 @@ const run = async () => {
  ])
  );
 
+ //Axios's type definition is far too advanced for OSD
+ promises.push(
+ patchFile('node_modules/axios/index.d.ts', {
+ from: '[Key in Method as Lowercase<Key>]: AxiosHeaders;',
+ to: '[Key in Method]: AxiosHeaders;',
+ })
+ );
+
  await Promise.all(promises);
 };
 

yarn.lock

@@ -4992,20 +4992,21 @@ axe-core@^4.0.2, axe-core@^4.3.5:
  resolved "https://registry.yarnpkg.com/axe-core/-/axe-core-4.4.1.tgz#7dbdc25989298f9ad006645cd396782443757413"
  integrity sha512-gd1kmb21kwNuWr6BQz8fv6GNECPBnUasepcoLbekws23NVBLODdsClRZ+bQ8+9Uomf3Sm3+Vwn0oYG9NvwnJCw==
 
-axios@^0.27.2:
- version "0.27.2"
- resolved "https://registry.yarnpkg.com/axios/-/axios-0.27.2.tgz#207658cc8621606e586c85db4b41a750e756d972"
- integrity sha512-t+yRIyySRTp/wua5xEr+z1q60QmLq8ABsS5O9Me1AsE5dfKqgnCFzwiCZZ/cGNd1lq4/7akDWMxdhVlucjmnOQ==
+axios@^0.28.0:
+ version "0.28.0"
+ resolved "https://registry.yarnpkg.com/axios/-/axios-0.28.0.tgz#801a4d991d0404961bccef46800e1170f8278c89"
+ integrity sha512-Tu7NYoGY4Yoc7I+Npf9HhUMtEEpV7ZiLH9yndTCoNhcpBH0kwcvFbzYN9/u5QKI5A6uefjsNNWaz5olJVYS62Q==
  dependencies:
- follow-redirects "^1.14.9"
+ follow-redirects "^1.15.0"
  form-data "^4.0.0"
+ proxy-from-env "^1.1.0"
 
 axios@^1.1.3:
- version "1.2.0"
- resolved "https://registry.yarnpkg.com/axios/-/axios-1.2.0.tgz#1cb65bd75162c70e9f8d118a905126c4a201d383"
- integrity sha512-zT7wZyNYu3N5Bu0wuZ6QccIf93Qk1eV8LOewxgjOZFd2DenOs98cJ7+Y6703d0wkaXGY6/nZd4EweJaHz9uzQw==
+ version "1.6.7"
+ resolved "https://registry.yarnpkg.com/axios/-/axios-1.6.7.tgz#7b48c2e27c96f9c68a2f8f31e2ab19f59b06b0a7"
+ integrity sha512-/hDJGff6/c7u0hDkvkGxR/oy6CbCs8ziCsC7SqmhjfozqiJGc8Z11wrv9z9lYfY4K8l+H9TpjcMDX0xOZmx+RA==
  dependencies:
- follow-redirects "^1.15.0"
+ follow-redirects "^1.15.4"
  form-data "^4.0.0"
  proxy-from-env "^1.1.0"
 
@@ -9056,7 +9057,7 @@ focus-lock@^0.10.2:
  dependencies:
  tslib "^2.0.3"
 
-follow-redirects@^1.14.9, follow-redirects@^1.15.0, follow-redirects@^1.15.4:
+follow-redirects@^1.15.0, follow-redirects@^1.15.4:
  version "1.15.4"
  resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.4.tgz#cdc7d308bf6493126b17ea2191ea0ccf3e535adf"
  integrity sha512-Cr4D/5wlrb0z9dgERpUL3LrmPKVDsETIJhaCMeDfuFYcqa5bldGV6wBsAN6X/vxlXQtFBMrXdXxdL8CbDTGniw==
@@ -17220,7 +17221,7 @@ tar@^6.0.2, tar@^6.1.11:
  mkdirp "^1.0.3"
  yallist "^4.0.0"
 
-tcp-port-used@^1.0.2:
+tcp-port-used@^1.0.1:
  version "1.0.2"
  resolved "https://registry.yarnpkg.com/tcp-port-used/-/tcp-port-used-1.0.2.tgz#9652b7436eb1f4cfae111c79b558a25769f6faea"
  integrity sha512-l7ar8lLUD3XS1V2lfoJlCBaeoaWo/2xfYt81hM7VlvR4RrMVFqfmzfhLVk40hAb368uitje5gPtBRL1m/DGvLA==