Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): Update axios to fix CVE #1167

Merged
merged 1 commit into from Mar 4, 2024
Merged

chore(deps): Update axios to fix CVE #1167

merged 1 commit into from Mar 4, 2024

Conversation

leSamo
Copy link
Member

@leSamo leSamo commented Mar 1, 2024

Fixes https://issues.redhat.com/browse/RHINENG-8635

Axios did have an error handler refactoring in 0.27.0, therefore I had to change the accessor to isAxiosError.

@leSamo leSamo requested a review from a team as a code owner March 1, 2024 02:11
@codecov-commenter
Copy link

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 62.84%. Comparing base (3678dbd) to head (610e546).

Additional details and impacted files 
@@           Coverage Diff           @@
##           master    #1167   +/-   ##
=======================================
  Coverage   62.84%   62.84%           
=======================================
  Files         127      127           
  Lines        3192     3192           
  Branches      817      817           
=======================================
  Hits         2006     2006           
  Misses       1186     1186

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

mkholjuraev
mkholjuraev approved these changes Mar 1, 2024
View reviewed changes
Copy link
Collaborator

@mkholjuraev mkholjuraev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

src/Utilities/axiosInterceptors.js
const { response, isAxiosError } = { ...err };

if (response && isAxiosError) {
if (response && err.isAxiosError) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For my understanding, what was the issue here?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In the new version of axios

const { response, isAxiosError } = { ...err }
console.log(isAxiosError); // prints "undefined"
console.log(err.isAxiosError); // prints "true"

It seems like by copying the object the destructuring and direct property access behave differently.

@leSamo
Copy link
Member Author

leSamo commented Mar 1, 2024

/retest

3 similar comments
@leSamo
Copy link
Member Author

leSamo commented Mar 1, 2024

/retest

@leSamo
Copy link
Member Author

leSamo commented Mar 1, 2024

/retest

@leSamo
Copy link
Member Author

leSamo commented Mar 4, 2024

/retest

@leSamo leSamo merged commit 307b124 into master Mar 4, 2024
2 of 3 checks passed
@mkholjuraev
Copy link
Collaborator

🎉 This PR is included in version 1.67.2 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mkholjuraev mkholjuraev mkholjuraev approved these changes

Assignees
No one assigned
Labels
released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@leSamo @codecov-commenter @mkholjuraev