security: upgrade axios to fix CVE-2021-3749 #874
Conversation
I'll test this manually and we can get it in.
✅ upstream PR opened: jonschlinkert/paged-request#6
Lint is failing here, I think the PR needs to be rebased. Also this introduces a warning that I don't know what to do about, because it's right that paged-request is now using an invalid library version but the security alert says not to use the old one, so.
I closed the PR by accident, reopened.
I rebased the PR.
@NullSoldier that rebase doesn't look like it worked, I am guessing bc my branch is on a fork- changed files on this PR are now just a vers bump https://github.com/iron-fish/ironfish/pull/874/files
Here is my upgrade commit that was lost in the force push of
The CVE is patched in version
Just pushed a change to upgrade to a compatible point release of
Ok approved, it's merging now! Sorry about the borked rebase.
Awesome thank you!
Summary
Upgrade axios to fix CVE-2021-3749
Testing Plan
After upgrade, yarn audit shows no high severity vulnerabilities
Breaking Change
No breaking changes in this upgrade according to the axios release notes: https://github.com/axios/axios/releases
testnet graffiti / username
oldhill0x12345