Skip to content

Commit

Permalink
Bump axios to 0.28.0 in 2.x (#6147)
Browse files Browse the repository at this point in the history
* Bump oui to 1.5.1 (#5862)

* bump oui to 1.5.1

Signed-off-by: Ashwin P Chandran <[email protected]>

* Updates changelog

---------

Signed-off-by: Ashwin P Chandran <[email protected]>

(cherry picked from commit bd75107)
Signed-off-by: Miki <[email protected]>

* Bump axios to 0.28.0

Signed-off-by: Miki <[email protected]>

---------

Signed-off-by: Ashwin P Chandran <[email protected]>
Signed-off-by: Miki <[email protected]>
Co-authored-by: Ashwin P Chandran <[email protected]>
  • Loading branch information
AMoo-Miki and ashwin-pc authored Mar 19, 2024
1 parent 88e8c9c commit ac53fe7
Show file tree
Hide file tree
Showing 7 changed files with 31 additions and 21 deletions.
2 changes: 1 addition & 1 deletion CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)

### 🛡 Security

- [CVE-2023-45857] Bump `axios` from `0.27.2` to `0.28.0` ([#6147](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/6147))
- [CVE-2024-27088] Bump es5-ext from `0.10.59` to `0.10.64` ([#6021](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/6021))

### 📈 Features/Enhancements
Expand Down Expand Up @@ -39,7 +40,6 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
- [WS-2021-0638] Bump mocha from `7.2.0` to `10.1.0` ([#2711](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2711))
- Add support for TLS v1.3 ([#5133](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/5133))
- [CVE-2023-45133] Bump all babel dependencies from `7.16.x` to `7.22.9` to fix upstream vulnerability ([#5428](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/5428))
- [CVE-2023-45857] Bump `axios` from `0.27.2` to `1.6.1` ([#5470](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/5470))
- [CVE-2023-26159] Bump `follow-redirects` from `1.15.2` to `1.15.4` ([#5669](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/5669))
- [CVE-2020-8203] Bump `cheerio` from `0.22.0` to `1.0.0-rc.1` to fix vulnerable `lodash` dependency ([#5797](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/5797))

Expand Down
2 changes: 1 addition & 1 deletion packages/osd-dev-utils/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@
"dependencies": {
"@babel/core": "^7.22.9",
"@osd/utils": "1.0.0",
"axios": "^0.27.2",
"axios": "^0.28.0",
"chalk": "^4.1.0",
"cheerio": "1.0.0-rc.1",
"dedent": "^0.7.0",
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ import { ToolingLog } from '../tooling_log';

const isConcliftOnGetError = (error: any) => {
return (
isAxiosResponseError(error) && error.config.method === 'GET' && error.response.status === 409
isAxiosResponseError(error) && error.config?.method === 'GET' && error.response.status === 409
);
};

Expand Down
1 change: 1 addition & 0 deletions packages/osd-test/src/failed_tests_reporter/github_api.ts
Original file line number Diff line number Diff line change
Expand Up @@ -233,6 +233,7 @@ export class GithubApi {
const githubApiFailed = isAxiosResponseError(error) && error.response.status >= 500;
const errorResponseLog =
isAxiosResponseError(error) &&
error.config &&
`[${error.config.method} ${error.config.url}] ${error.response.status} ${error.response.statusText} Error`;

if ((unableToReachGithub || githubApiFailed) && attempt < maxAttempts) {
Expand Down
2 changes: 1 addition & 1 deletion packages/osd-ui-shared-deps/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@
"@osd/i18n": "1.0.0",
"@osd/monaco": "1.0.0",
"abortcontroller-polyfill": "^1.4.0",
"axios": "^0.27.2",
"axios": "^0.28.0",
"compression-webpack-plugin": "npm:@amoo-miki/[email protected]",
"core-js": "^3.6.5",
"custom-event-polyfill": "^0.3.0",
Expand Down
8 changes: 8 additions & 0 deletions scripts/postinstall.js
Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,14 @@ const run = async () => {
])
);

//Axios's type definition is far too advanced for OSD
promises.push(
patchFile('node_modules/axios/index.d.ts', {
from: '[Key in Method as Lowercase<Key>]: AxiosHeaders;',
to: '[Key in Method]: AxiosHeaders;',
})
);

await Promise.all(promises);
};

Expand Down
35 changes: 18 additions & 17 deletions yarn.lock
Original file line number Diff line number Diff line change
Expand Up @@ -2810,7 +2810,7 @@
dependencies:
defer-to-connect "^2.0.0"

"@testim/chrome-version@^1.1.4":
"@testim/chrome-version@^1.1.3":
version "1.1.4"
resolved "https://registry.yarnpkg.com/@testim/chrome-version/-/chrome-version-1.1.4.tgz#86e04e677cd6c05fa230dd15ac223fa72d1d7090"
integrity sha512-kIhULpw9TrGYnHp/8VfdcneIcxKnLixmADtukQRtJUmsVlMg0niMkwV0xZmi8hqa57xqilIHjWFA0GKvEjVU5g==
Expand Down Expand Up @@ -4909,20 +4909,21 @@ axe-core@^4.0.2, axe-core@^4.3.5:
resolved "https://registry.yarnpkg.com/axe-core/-/axe-core-4.4.1.tgz#7dbdc25989298f9ad006645cd396782443757413"
integrity sha512-gd1kmb21kwNuWr6BQz8fv6GNECPBnUasepcoLbekws23NVBLODdsClRZ+bQ8+9Uomf3Sm3+Vwn0oYG9NvwnJCw==

axios@^0.27.2:
version "0.27.2"
resolved "https://registry.yarnpkg.com/axios/-/axios-0.27.2.tgz#207658cc8621606e586c85db4b41a750e756d972"
integrity sha512-t+yRIyySRTp/wua5xEr+z1q60QmLq8ABsS5O9Me1AsE5dfKqgnCFzwiCZZ/cGNd1lq4/7akDWMxdhVlucjmnOQ==
axios@^0.28.0:
version "0.28.0"
resolved "https://registry.yarnpkg.com/axios/-/axios-0.28.0.tgz#801a4d991d0404961bccef46800e1170f8278c89"
integrity sha512-Tu7NYoGY4Yoc7I+Npf9HhUMtEEpV7ZiLH9yndTCoNhcpBH0kwcvFbzYN9/u5QKI5A6uefjsNNWaz5olJVYS62Q==
dependencies:
follow-redirects "^1.14.9"
follow-redirects "^1.15.0"
form-data "^4.0.0"
proxy-from-env "^1.1.0"

axios@^1.1.3:
version "1.2.0"
resolved "https://registry.yarnpkg.com/axios/-/axios-1.2.0.tgz#1cb65bd75162c70e9f8d118a905126c4a201d383"
integrity sha512-zT7wZyNYu3N5Bu0wuZ6QccIf93Qk1eV8LOewxgjOZFd2DenOs98cJ7+Y6703d0wkaXGY6/nZd4EweJaHz9uzQw==
version "1.6.7"
resolved "https://registry.yarnpkg.com/axios/-/axios-1.6.7.tgz#7b48c2e27c96f9c68a2f8f31e2ab19f59b06b0a7"
integrity sha512-/hDJGff6/c7u0hDkvkGxR/oy6CbCs8ziCsC7SqmhjfozqiJGc8Z11wrv9z9lYfY4K8l+H9TpjcMDX0xOZmx+RA==
dependencies:
follow-redirects "^1.15.0"
follow-redirects "^1.15.4"
form-data "^4.0.0"
proxy-from-env "^1.1.0"

Expand Down Expand Up @@ -5783,7 +5784,7 @@ chromedriver@^107.0.3:
extract-zip "^2.0.1"
https-proxy-agent "^5.0.1"
proxy-from-env "^1.1.0"
tcp-port-used "^1.0.2"
tcp-port-used "^1.0.1"

ci-info@^3.2.0:
version "3.3.0"
Expand Down Expand Up @@ -6107,10 +6108,10 @@ [email protected]:
resolved "https://registry.yarnpkg.com/compare-versions/-/compare-versions-3.5.1.tgz#26e1f5cf0d48a77eced5046b9f67b6b61075a393"
integrity sha512-9fGPIB7C6AyM18CJJBHt5EnCZDG3oiTJYy0NjfIAGjKpzv0tkxWko7TNQHF5ymqm7IH03tqmeuBxtvD+Izh6mg==

compare-versions@^6.1.0:
version "6.1.0"
resolved "https://registry.yarnpkg.com/compare-versions/-/compare-versions-6.1.0.tgz#3f2131e3ae93577df111dba133e6db876ffe127a"
integrity sha512-LNZQXhqUvqUTotpZ00qLSaify3b4VFD588aRr8MKFw4CMUr98ytzCW5wDH5qx/DEY5kCDXcbcRuCqL0szEf2tg==
compare-versions@^5.0.1:
version "5.0.3"
resolved "https://registry.yarnpkg.com/compare-versions/-/compare-versions-5.0.3.tgz#a9b34fea217472650ef4a2651d905f42c28ebfd7"
integrity sha512-4UZlZP8Z99MGEY+Ovg/uJxJuvoXuN4M6B3hKaiackiHrgzQFEe3diJi1mf1PNHbFujM7FvLrK2bpgIaImbtZ1A==

component-emitter@^1.2.1, component-emitter@^1.3.0:
version "1.3.0"
Expand Down Expand Up @@ -8827,7 +8828,7 @@ focus-lock@^0.10.2:
dependencies:
tslib "^2.0.3"

follow-redirects@^1.14.9, follow-redirects@^1.15.4:
follow-redirects@^1.15.0, follow-redirects@^1.15.4:
version "1.15.4"
resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.4.tgz#cdc7d308bf6493126b17ea2191ea0ccf3e535adf"
integrity sha512-Cr4D/5wlrb0z9dgERpUL3LrmPKVDsETIJhaCMeDfuFYcqa5bldGV6wBsAN6X/vxlXQtFBMrXdXxdL8CbDTGniw==
Expand Down Expand Up @@ -16820,7 +16821,7 @@ tar@^6.0.2, tar@^6.1.11:
mkdirp "^1.0.3"
yallist "^4.0.0"

tcp-port-used@^1.0.1:
tcp-port-used@^1.0.2:
version "1.0.2"
resolved "https://registry.yarnpkg.com/tcp-port-used/-/tcp-port-used-1.0.2.tgz#9652b7436eb1f4cfae111c79b558a25769f6faea"
integrity sha512-l7ar8lLUD3XS1V2lfoJlCBaeoaWo/2xfYt81hM7VlvR4RrMVFqfmzfhLVk40hAb368uitje5gPtBRL1m/DGvLA==
Expand Down

0 comments on commit ac53fe7

Please sign in to comment.