From cba076465f44b6a819e3cff7986ff4cd21a66371 Mon Sep 17 00:00:00 2001 From: Bishoy Boktor Date: Fri, 6 May 2022 08:11:16 -0700 Subject: [PATCH] [CVE] Bumps `chromedriver` to v100 and `axios` to v0.27.2 (#1552) * Addresses CVE-2022-1214 * Bumps and resolves `axios` to ^0.27.2 to address CVE * [CHANGELOG](https://github.com/axios/axios/blob/master/CHANGELOG.md) * Bumps `chromedriver` to v100 to match GitHub actions Signed-off-by: Bishoy Boktor --- package.json | 3 ++- packages/osd-dev-utils/package.json | 2 +- packages/osd-ui-shared-deps/package.json | 2 +- yarn.lock | 33 ++++++++++++------------ 4 files changed, 21 insertions(+), 19 deletions(-) diff --git a/package.json b/package.json index 40f3bac5a751..b18c6dc863a5 100644 --- a/package.json +++ b/package.json @@ -81,6 +81,7 @@ "**/@types/node": "^14.17.32", "**/ansi-regex": "^5.0.1", "**/async": "^3.2.3", + "**/axios": "^0.27.2", "**/glob-parent": "^6.0.0", "**/hoist-non-react-statics": "^3.3.2", "**/json-schema": "^0.4.0", @@ -338,7 +339,7 @@ "chai": "3.5.0", "chance": "1.0.18", "cheerio": "0.22.0", - "chromedriver": "^91.0.1", + "chromedriver": "^100.0.0", "classnames": "2.3.1", "compare-versions": "3.5.1", "d3": "3.5.17", diff --git a/packages/osd-dev-utils/package.json b/packages/osd-dev-utils/package.json index 3177d8b9fb59..ea433fa5e101 100644 --- a/packages/osd-dev-utils/package.json +++ b/packages/osd-dev-utils/package.json @@ -15,7 +15,7 @@ "dependencies": { "@babel/core": "^7.16.5", "@osd/utils": "1.0.0", - "axios": "^0.21.4", + "axios": "^0.27.2", "chalk": "^4.1.0", "cheerio": "0.22.0", "dedent": "^0.7.0", diff --git a/packages/osd-ui-shared-deps/package.json b/packages/osd-ui-shared-deps/package.json index 361b953720b3..62776c80a3c9 100644 --- a/packages/osd-ui-shared-deps/package.json +++ b/packages/osd-ui-shared-deps/package.json @@ -16,7 +16,7 @@ "@osd/monaco": "1.0.0", "abortcontroller-polyfill": "^1.4.0", "angular": "^1.8.2", - "axios": "^0.21.4", + "axios": "^0.27.2", "compression-webpack-plugin": "^4.0.0", "core-js": "^3.6.5", "custom-event-polyfill": "^0.3.0", diff --git a/yarn.lock b/yarn.lock index 57c614cfb87a..5c4347de5f3e 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2628,7 +2628,7 @@ dependencies: defer-to-connect "^2.0.0" -"@testim/chrome-version@^1.0.7": +"@testim/chrome-version@^1.1.2": version "1.1.2" resolved "https://registry.yarnpkg.com/@testim/chrome-version/-/chrome-version-1.1.2.tgz#092005c5b77bd3bb6576a4677110a11485e11864" integrity sha512-1c4ZOETSRpI0iBfIFUqU4KqwBAB2lHUAlBjZz/YqOHqwM9dTTzjV6Km0ZkiEiSCx/tLr1BtESIKyWWMww+RUqw== @@ -4775,12 +4775,13 @@ axe-core@^4.0.2, axe-core@^4.3.5: resolved "https://registry.yarnpkg.com/axe-core/-/axe-core-4.4.1.tgz#7dbdc25989298f9ad006645cd396782443757413" integrity sha512-gd1kmb21kwNuWr6BQz8fv6GNECPBnUasepcoLbekws23NVBLODdsClRZ+bQ8+9Uomf3Sm3+Vwn0oYG9NvwnJCw== -axios@^0.21.1, axios@^0.21.4: - version "0.21.4" - resolved "https://registry.yarnpkg.com/axios/-/axios-0.21.4.tgz#c67b90dc0568e5c1cf2b0b858c43ba28e2eda575" - integrity sha512-ut5vewkiu8jjGBdqpM44XxjuCjq9LAKeHVmoVfHVzy8eHgxxq8SbAVQNovDA8mVi05kP0Ea/n/UzcSHcTJQfNg== +axios@^0.24.0, axios@^0.27.2: + version "0.27.2" + resolved "https://registry.yarnpkg.com/axios/-/axios-0.27.2.tgz#207658cc8621606e586c85db4b41a750e756d972" + integrity sha512-t+yRIyySRTp/wua5xEr+z1q60QmLq8ABsS5O9Me1AsE5dfKqgnCFzwiCZZ/cGNd1lq4/7akDWMxdhVlucjmnOQ== dependencies: - follow-redirects "^1.14.0" + follow-redirects "^1.14.9" + form-data "^4.0.0" axobject-query@^2.2.0: version "2.2.0" @@ -5686,13 +5687,13 @@ chrome-trace-event@^1.0.2: resolved "https://registry.yarnpkg.com/chrome-trace-event/-/chrome-trace-event-1.0.3.tgz#1015eced4741e15d06664a957dbbf50d041e26ac" integrity sha512-p3KULyQg4S7NIHixdwbGX+nFHkoBiA4YQmyWtjb8XngSKV124nJmRysgAeujbUVb15vh+RvFUfCPqU7rXk+hZg== -chromedriver@^91.0.1: - version "91.0.1" - resolved "https://registry.yarnpkg.com/chromedriver/-/chromedriver-91.0.1.tgz#4d70a569901e356c978a41de3019c464f2a8ebd0" - integrity sha512-9LktpHiUxM4UWUsr+jI1K1YKx2GENt6BKKJ2mibPj1Wc6ODzX/3fFIlr8CZ4Ftuyga+dHTTbAyPWKwKvybEbKA== +chromedriver@^100.0.0: + version "100.0.0" + resolved "https://registry.yarnpkg.com/chromedriver/-/chromedriver-100.0.0.tgz#1b4bf5c89cea12c79f53bc94d8f5bb5aa79ed7be" + integrity sha512-oLfB0IgFEGY9qYpFQO/BNSXbPw7bgfJUN5VX8Okps9W2qNT4IqKh5hDwKWtpUIQNI6K3ToWe2/J5NdpurTY02g== dependencies: - "@testim/chrome-version" "^1.0.7" - axios "^0.21.1" + "@testim/chrome-version" "^1.1.2" + axios "^0.24.0" del "^6.0.0" extract-zip "^2.0.1" https-proxy-agent "^5.0.0" @@ -8739,10 +8740,10 @@ focus-lock@^0.10.2: dependencies: tslib "^2.0.3" -follow-redirects@^1.14.0: - version "1.14.9" - resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.14.9.tgz#dd4ea157de7bfaf9ea9b3fbd85aa16951f78d8d7" - integrity sha512-MQDfihBQYMcyy5dhRDJUHcw7lb2Pv/TuE6xP1vyraLukNDHKbDxDNaOE3NbCAdKQApno+GPRyo1YAp89yCjK4w== +follow-redirects@^1.14.9: + version "1.15.0" + resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.0.tgz#06441868281c86d0dda4ad8bdaead2d02dca89d4" + integrity sha512-aExlJShTV4qOUOL7yF1U5tvLCB0xQuudbf6toyYA0E/acBNw71mvjFTnLaRp50aQaYocMR0a/RMMBIHeZnGyjQ== font-awesome@4.7.0: version "4.7.0"