Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump axios to 0.28.0 in 2.x #6147

Merged
merged 3 commits into from
Mar 19, 2024
Merged

Bump axios to 0.28.0 in 2.x #6147

merged 3 commits into from
Mar 19, 2024

Conversation

AMoo-Miki
Copy link
Collaborator

@AMoo-Miki AMoo-Miki commented Mar 14, 2024
edited
Loading

Description

Addresses CVE-2023-45857 with [email protected].

Note 1: You might notice that axios@^1.13 which is dep of chromedriver also got a version bump. Being a nested dep, it is nothing to be reported on.

Note 2: Not backporting to 1.3; i will raise one there separately.

Check List

  • All tests pass
    • yarn test:jest
    • yarn test:jest_integration
  • New functionality includes testing.
  • New functionality has been documented.
  • Update CHANGELOG.md
  • Commits are signed per the DCO using --signoff

@codecov Codecov
Copy link

codecov bot commented Mar 14, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 67.15%. Comparing base (98dfac8) to head (b62de4b).
Report is 1 commits behind head on 2.x.

Additional details and impacted files 
@@            Coverage Diff             @@
##              2.x    #6147      +/-   ##
==========================================
- Coverage   67.16%   67.15%   -0.02%     
==========================================
  Files        3330     3330              
  Lines       64313    64313              
  Branches    10273    10273              
==========================================
- Hits        43199    43190       -9     
- Misses      18611    18621      +10     
+ Partials     2503     2502       -1
Flag Coverage Δ
Linux_1 35.07% <ø> (ø)
Linux_2 55.28% <ø> (ø)
Linux_3 44.61% <ø> (+<0.01%) ⬆️
Linux_4 35.35% <ø> (ø)
Windows_1 35.10% <ø> (-0.04%) ⬇️
Windows_2 55.24% <ø> (ø)
Windows_3 44.62% <ø> (ø)
Windows_4 35.35% <ø> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

abbyhu2000
abbyhu2000 previously approved these changes Mar 14, 2024
View reviewed changes
manasvinibs
manasvinibs previously approved these changes Mar 14, 2024
View reviewed changes
manasvinibs
manasvinibs reviewed Mar 14, 2024
View reviewed changes
CHANGELOG.md Outdated
@@ -10,6 +10,8 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)

### 🛡 Security

- [CVE-2023-45857] Bump `axios` from `0.27.2` to `0.28.0` ([#5470](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/5470))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we want to update the PR number here? or separate changelog for just the axios?

SuZhou-Joe
SuZhou-Joe reviewed Mar 15, 2024
View reviewed changes
packages/osd-dev-utils/src/osd_client/osd_client_requester.ts
@@ -37,7 +37,7 @@ import { ToolingLog } from '../tooling_log';

const isConcliftOnGetError = (error: any) => {
return (
isAxiosResponseError(error) && error.config.method === 'GET' && error.response.status === 409
isAxiosResponseError(error) && error.config?.method === 'GET' && error.response.status === 409
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would like some comment here, is there any breaking change in axios in v0.28 that it may not bring config when throw error?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Their changelog doesn't document any breaking changes; this is more than likely just fine tuning of the types def.

ashwin-pc and others added 2 commits March 18, 2024 11:20
@ashwin-pc @AMoo-Miki
Bump oui to 1.5.1 (opensearch-project#5862)
72e9500 
* bump oui to 1.5.1

Signed-off-by: Ashwin P Chandran <[email protected]>

* Updates changelog

---------

Signed-off-by: Ashwin P Chandran <[email protected]>

(cherry picked from commit bd75107)
Signed-off-by: Miki <[email protected]>
@AMoo-Miki
Bump axios to 0.28.0
2ec92c3 
Signed-off-by: Miki <[email protected]>
@AMoo-Miki AMoo-Miki requested a review from BionIT as a code owner March 18, 2024 18:32
@ashwin-pc ashwin-pc changed the title Bump axios to 0.28.0 Bump axios to 0.28.0 in 2.x Mar 18, 2024
@ashwin-pc ashwin-pc merged commit ac53fe7 into opensearch-project:2.x Mar 19, 2024
67 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@manasvinibs manasvinibs manasvinibs left review comments

@SuZhou-Joe SuZhou-Joe SuZhou-Joe left review comments

@ashwin-pc ashwin-pc ashwin-pc approved these changes

@kavilla kavilla kavilla approved these changes

@abbyhu2000 abbyhu2000 abbyhu2000 left review comments

@ananzh ananzh Awaiting requested review from ananzh ananzh is a code owner

@joshuarrrr joshuarrrr Awaiting requested review from joshuarrrr joshuarrrr is a code owner

@zengyan-amazon zengyan-amazon Awaiting requested review from zengyan-amazon zengyan-amazon is a code owner

@kristenTian kristenTian Awaiting requested review from kristenTian

@zhongnansu zhongnansu Awaiting requested review from zhongnansu zhongnansu is a code owner

@ZilongX ZilongX Awaiting requested review from ZilongX ZilongX is a code owner

@Flyingliuhub Flyingliuhub Awaiting requested review from Flyingliuhub Flyingliuhub is a code owner

@BSFishy BSFishy Awaiting requested review from BSFishy

@curq curq Awaiting requested review from curq curq is a code owner

@bandinib-amzn bandinib-amzn Awaiting requested review from bandinib-amzn bandinib-amzn is a code owner

@ruanyl ruanyl Awaiting requested review from ruanyl ruanyl is a code owner

@BionIT BionIT Awaiting requested review from BionIT BionIT is a code owner

Assignees
No one assigned
Labels
v2.13.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@AMoo-Miki @kavilla @SuZhou-Joe @ashwin-pc @abbyhu2000 @manasvinibs