From 4551562ebcdac13750dc9f799b26ef014cc7561f Mon Sep 17 00:00:00 2001
From: Dave
Date: Tue, 7 Sep 2021 14:09:11 +1000
Subject: [PATCH 1/4] Bumped axios version to patch ReDos vulnerability
---
 package.json | 2 +-
 yarn.lock | 18 +++++++++---------
 2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/package.json b/package.json
index 268166aa..007b3cd0 100644
--- a/package.json
+++ b/package.json
@@ -35,7 +35,7 @@
 ],
 "dependencies": {
 "@segment/loosely-validate-event": "^2.0.0",
- "axios": "^0.21.1",
+ "axios": "^0.21.4",
 "axios-retry": "^3.0.2",
 "lodash.isstring": "^4.0.1",
 "md5": "^2.2.1",
diff --git a/yarn.lock b/yarn.lock
index c4707bb9..1621f483 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -886,12 +886,12 @@ axios-retry@^3.0.2: dependencies: is-retry-allowed "^1.1.0" -axios@^0.21.1: - version "0.21.1" - resolved "https://registry.yarnpkg.com/axios/-/axios-0.21.1.tgz#22563481962f4d6bde9a76d516ef0e5d3c09b2b8" - integrity sha512-dKQiRHxGD9PPRIUNIWvZhPTPpl1rf/OxTYKsqKUDjBwYylTvV7SjSHJb9ratfyzM6wCdLCOYLzs73qpg5c4iGA== +axios@^0.21.4: + version "0.21.4" + resolved "https://packages.atlassian.com/api/npm/npm-remote/axios/-/axios-0.21.4.tgz#c67b90dc0568e5c1cf2b0b858c43ba28e2eda575" + integrity sha1-xnuQ3AVo5cHPKwuFjEO6KOLtpXU= dependencies: - follow-redirects "^1.10.0" + follow-redirects "^1.14.0" babel-code-frame@^6.26.0: version "6.26.0"
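Review bot: The lock entries that realise this `axios` bump resolve from a different registry host, with a weaker digest, than the entries they replace. In yarn.lock the new `axios@^0.21.4` and `follow-redirects@^1.14.0` entries carry `resolved "https://packages.atlassian.com/api/npm/npm-remote/..."` and `integrity sha1-...`, while the removed entries used `registry.yarnpkg.com` and `sha512-...`. This looks like the lockfile was regenerated behind a corporate registry proxy; anyone installing from it would fetch those two tarballs from that host, and the tarball check drops to SHA-1. I would regenerate the two entries against the registry the rest of the file uses, so they keep the `https://registry.yarnpkg.com/` host and a `sha512-` integrity value, and leave the `"axios": "^0.21.4"` line in package.json as it is.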
@@ -3025,10 +3025,10 @@ fn-name@^2.0.0: resolved "https://registry.yarnpkg.com/fn-name/-/fn-name-2.0.1.tgz#5214d7537a4d06a4a301c0cc262feb84188002e7" integrity sha1-UhTXU3pNBqSjAcDMJi/rhBiAAuc= -follow-redirects@^1.10.0: - version "1.13.1" - resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.13.1.tgz#5f69b813376cee4fd0474a3aba835df04ab763b7" - integrity sha512-SSG5xmZh1mkPGyKzjZP8zLjltIfpW32Y5QpdNJyjcfGxK3qo3NDDkZOZSFiGn1A6SclQxY9GzEwAHQ3dmYRWpg== +follow-redirects@^1.14.0: + version "1.14.3" + resolved "https://packages.atlassian.com/api/npm/npm-remote/follow-redirects/-/follow-redirects-1.14.3.tgz#6ada78118d8d24caee595595accdc0ac6abd022e" + integrity sha1-atp4EY2NJMruWVWVrM3ArGq9Ai4= for-in@^0.1.3: version "0.1.8"
From 6699394c148847889ae28821ab2feb53e6b725d4 Mon Sep 17 00:00:00 2001
From: Pooya Jaferian
Date: Mon, 13 Sep 2021 13:32:09 -0700
Subject: [PATCH 2/4] update history + bump package.json
---
 History.md | 7 +++++++
 package.json | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/History.md b/History.md
index a3b8b478..fb8c2c8f 100644
--- a/History.md
+++ b/History.md
@@ -1,3 +1,10 @@ +# v5.1.0 / 2021-9-13 + +- Added options for axiosRetryConfig, disable axiosRetry if retryCount is 0 (#285) +- Optimize timer scheduling (#172) +- Update Axios to fix a ReDoS vulnerability (#295) +- Automated dependency upgrades + # v5.0.0 / 2021-7-16 - BREAKING: Dropping support for Node 8.0!
diff --git a/package.json b/package.json
index 007b3cd0..150acb76 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "analytics-node",
- "version": "5.0.0",
+ "version": "5.1.0",
 "description": "The hassle-free way to integrate analytics into any Node.js application",
 "license": "MIT",
 "repository": "segmentio/analytics-node",
From 9a9e7850e7948b02d9a9ad08083e684e7a0d358e Mon Sep 17 00:00:00 2001
From: Pooya Jaferian
Date: Mon, 13 Sep 2021 13:43:05 -0700
Subject: [PATCH 3/4] let np takes care of version
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 150acb76..007b3cd0 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "analytics-node",
- "version": "5.1.0",
+ "version": "5.0.0",
 "description": "The hassle-free way to integrate analytics into any Node.js application",
 "license": "MIT",
 "repository": "segmentio/analytics-node",
From 1094398380ddc791f538a7689c53833e539e6b95 Mon Sep 17 00:00:00 2001
From: Pooya Jaferian
Date: Mon, 13 Sep 2021 13:43:34 -0700
Subject: [PATCH 4/4] v5.1.0
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 007b3cd0..150acb76 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "analytics-node",
- "version": "5.0.0",
+ "version": "5.1.0",
 "description": "The hassle-free way to integrate analytics into any Node.js application",
 "license": "MIT",
 "repository": "segmentio/analytics-node",