fix: LEAP-386: Fix axios dependency vulnerability #5229

Merged
merged 3 commits into from
Jan 3, 2024

juliosgarbi
Contributor

PR fulfills these requirements

  • Commit message(s) and PR title follow the format [fix|feat|ci|chore|doc]: TICKET-ID: Short description of change made, e.g. fix: DEV-XXXX: Removed inconsistent code usage causing intermittent errors
  • Tests for the changes have been added/updated (for bug fixes/features)
  • Docs have been added/updated (for bug fixes/features)
  • Best efforts were made to ensure docs/code are concise and coherent (checked for spelling/grammatical errors, commented out code, debug logs etc.)
  • Self-reviewed and ran all changes on a local instance (for bug fixes/features)

Change has impacts in these area(s)

(check all that apply)

  • Product design
  • Backend (Database)
  • Backend (API)
  • Frontend

Describe the reason for change

This PR aims to address open medium severity vulnerabilities found in the npm-axios package. The issue was automatically identified and reported by Vanta.

What does this fix?

By updating axios to version 1.6.0, the medium severity vulnerabilities should be resolved, enhancing the security and reliability of the application.

What libraries were added/updated?

axios updated to 1.6.0

Does this change affect performance?

no

Does this change affect security?

no

What alternative approaches were there?

none

What feature flags were used to cover this change?

no

Does this PR introduce a breaking change?

(check only one)

  • Yes, and covered entirely by feature flag(s)
  • Yes, and covered partially by feature flag(s)
  • No
  • Not sure (briefly explain the situation below)

What level of testing was included in the change?

(check all that apply)

  • e2e
  • integration
  • unit
  • not needed

netlify bot commented Dec 26, 2023

Deploy Preview for label-studio-docs-new-theme canceled.

Name Link
🔨 Latest commit 6746c36
🔍 Latest deploy log https://app.netlify.com/sites/label-studio-docs-new-theme/deploys/658afed454aa010008d27b14

netlify bot commented Dec 26, 2023

Deploy Preview for heartex-docs canceled.

Name Link
🔨 Latest commit 6746c36
🔍 Latest deploy log https://app.netlify.com/sites/heartex-docs/deploys/658afed465a39200087cca5b

@github-actions github-actions bot added the fix label Dec 26, 2023
@juliosgarbi juliosgarbi merged commit ff6f71a into develop Jan 3, 2024
25 checks passed
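
A check a reviewer could run after a bump like this one, as an added example that is not part of the PR or the project's code: it lists every resolved copy of axios in an npm lockfile that is still older than 1.6.0, including copies nested under other packages. It assumes a `package-lock.json` with lockfileVersion 2 or 3; the function names and the sample lockfile are constructed for illustration.

```javascript
// Added example (not from the PR): flag axios copies in an npm lockfile
// that resolve to a version older than the one this PR updates to.
const MIN_AXIOS = "1.6.0";

// Parse "1.5.1" or "1.6.0-beta.1" into [major, minor, patch].
// Prerelease tags are ignored, so "1.6.0-beta.1" compares equal to "1.6.0".
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// Numeric comparison, so "1.10.0" is correctly newer than "1.6.0".
function isOlder(version, minimum) {
  const a = parseVersion(version);
  const b = parseVersion(minimum);
  if (!a || !b) return true; // unparseable versions are flagged for manual review
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// lock: parsed package-lock.json (assumed lockfileVersion 2 or 3, "packages" map).
function findOutdatedAxios(lock, minimum = MIN_AXIOS) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Keys look like "node_modules/axios" or "node_modules/x/node_modules/axios".
    const isAxios =
      path === "node_modules/axios" || path.endsWith("/node_modules/axios");
    if (isAxios && isOlder(meta.version, minimum)) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample lockfile: the top-level copy is updated, a nested one is not.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "sample-app", dependencies: { axios: "^1.6.0" } },
    "node_modules/axios": { version: "1.6.0" },
    "node_modules/legacy-client/node_modules/axios": { version: "0.27.2" },
    "node_modules/axios-retry": { version: "3.9.1" },
  },
};

console.log(findOutdatedAxios(sampleLock));
```

An empty result means every resolved axios copy meets the minimum; any hit is a transitive copy the direct-dependency bump did not reach.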