chore(deps): bump axios to 1.7.4 to address CVE #2201
Conversation
Bump to axios 1.7.4 to for sec vuln fix. https://github.com/axios/axios/releases/tag/v1.7.4
|
Thanks for the contribution! Before we can merge this, we need @helzahalim to sign the Salesforce Inc. Contributor License Agreement. |
zimeg
added
security
semver:patch
dependencies
|
Hi @helzahalim 👋 Thanks for raising this so quickly! To merge this PR we'll need the Once that's passing, we can merge! But in the meantime I'll be checking to see if @dependabot can help keep an eye on all of these packages 🙏 |
zimeg
changed the title
|
I have signed in though |
|
Unfortunately after upgrading to 1.7.4, it still doesnt fix the vulnerability. Going to close this PR |
|
@helzahalim Thanks for signing the CLA! Sometimes the bot is slow to update and would require we close and reopen the PR. Sometimes that does the trick 😏 Also thank you for following along with the upstream fixes 🙏 I'll keep an eye on these too, but feel free to share findings you find, whatever you might find! And I also didn't discover tricks with @dependabot around raising these updates more frequently than the scheduled updates... Oh well, @dependabot is still great to me 👑 |
|
I reopen this @zimeg . Apparently just like the bot, Snyk takes awhile to update.. |
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #2201 +/- ##
=======================================
Coverage 82.07% 82.07%
=======================================
Files 18 18
Lines 1545 1545
Branches 443 443
=======================================
Hits 1268 1268
Misses 179 179
Partials 98 98 ☔ View full report in Codecov by Sentry. |
Bump to axios 1.7.4 to for sec vuln fix.
https://github.com/axios/axios/releases/tag/v1.7.4
Summary
Describe the goal of this PR. Mention any related Issue numbers.
Requirements (place an
xin each[ ])