Bump axios, chokidar, mocha, and elliptic (#8490)
* [CVE-2024-39338] Bump axios from 1.7.2 to 1.7.7
Bump chokidar from 3.5.3 to 3.6.0
[SNYK-JS-MOCHA-2863123] Bump mocha from 10.1.0 to 10.7.3
[CVE-2024-42459][CVE-2024-42460][CVE-2024-42461] Bump elliptic from 6.5.4 to 6.5.7

* Changeset file for PR #8490 created/updated

---------

Co-authored-by: opensearch-changeset-bot[bot] <154024398+opensearch-changeset-bot[bot]@users.noreply.github.com>

(cherry picked from commit f4f251d)
Signed-off-by: Miki <[email protected]>
AMoo-Miki and opensearch-changeset-bot[bot] committed Oct 11, 2024
1 parent 9434dc2 commit e68aaab
Showing 6 changed files with 181 additions and 152 deletions.
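--- a/changelogs/fragments/8490.yml
+++ b/changelogs/fragments/8490.yml
@@ -0,0 +1,7 @@
+security:
+- [CVE-2024-39338] Bump axios from 1.7.2 to 1.7.7 ([#8490](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/8490))
+- [SNYK-JS-MOCHA-2863123] Bump mocha from 10.1.0 to 10.7.3 ([#8490](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/8490))
+- [CVE-2024-42459][CVE-2024-42460][CVE-2024-42461] Bump elliptic from 6.5.4 to 6.5.7 ([#8490](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/8490))
+
+chore:
+- Bump chokidar from 3.5.3 to 3.6.0 ([#8490](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/8490))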
1 change: 0 additions & 1 deletion package.json
@@ -124,7 +124,6 @@
"**/typescript": "4.0.2",
"**/unset-value": "^2.0.1",
"**/watchpack-chokidar2/chokidar": "^3.5.3",
"**/minimatch": "^3.0.5",
"**/eslint-plugin-mocha-next/mocha": "npm:mocha@^10.1.0",
"**/xml2js": "^0.5.0",
"**/yaml": "^2.2.2",
2 changes: 1 addition & 1 deletion packages/osd-dev-utils/package.json
@@ -15,7 +15,7 @@
"dependencies": {
"@babel/core": "^7.22.9",
"@osd/utils": "1.0.0",
"axios": "^0.28.0",
"axios": "^1.7.7",
"chalk": "^4.1.0",
"cheerio": "1.0.0-rc.1",
"dedent": "^0.7.0",
7 changes: 3 additions & 4 deletions packages/osd-test/src/failed_tests_reporter/github_api.ts
@@ -30,7 +30,7 @@

import Url from 'url';

import Axios, { AxiosRequestConfig, AxiosInstance } from 'axios';
import Axios, { AxiosRequestConfig, AxiosInstance, AxiosHeaderValue } from 'axios';
import parseLinkHeader from 'parse-link-header';
import { ToolingLog, isAxiosResponseError, isAxiosRequestError } from '@osd/dev-utils';

@@ -208,7 +208,7 @@ export class GithubApi {
): Promise<{
status: number;
statusText: string;
headers: Record<string, string | string[] | undefined>;
headers: Record<string, AxiosHeaderValue | undefined>;
data: T;
}> {
const executeRequest = !this.dryRun || options.safeForDryRun;
@@ -233,8 +233,7 @@ export class GithubApi {
const githubApiFailed = isAxiosResponseError(error) && error.response.status >= 500;
const errorResponseLog =
isAxiosResponseError(error) &&
error.config &&
`[${error.config.method} ${error.config.url}] ${error.response.status} ${error.response.statusText} Error`;
`[${error.config?.method} ${error.config?.url}] ${error.response.status} ${error.response.statusText} Error`;

if ((unableToReachGithub || githubApiFailed) && attempt < maxAttempts) {
const waitMs = 1000 * attempt;
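Review bot: In the last hunk, dropping the `error.config &&` guard means `errorResponseLog` is now a non-empty string for every response error, and when `error.config` is undefined the message reads `[undefined undefined] <status> <statusText> Error`. If the code after the hunk tests `errorResponseLog` for truthiness, that branch now also runs for config-less errors, which the old expression excluded. I would keep the line useful for triage with explicit fallbacks, e.g. `[${error.config?.method ?? 'unknown-method'} ${error.config?.url ?? 'unknown-url'}] ${error.response.status} ${error.response.statusText} Error`. The enclosing request method starts and ends outside the visible hunks, so how the value is consumed could not be checked here.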
2 changes: 1 addition & 1 deletion packages/osd-ui-shared-deps/package.json
@@ -16,7 +16,7 @@
"@osd/i18n": "1.0.0",
"@osd/monaco": "1.0.0",
"abortcontroller-polyfill": "^1.4.0",
"axios": "^0.28.0",
"axios": "^1.7.7",
"compression-webpack-plugin": "npm:@amoo-miki/[email protected]",
"core-js": "^3.6.5",
"custom-event-polyfill": "^0.3.0",