From 671f0f2c5b75e1ec81a7067c0d35d606264fb5d8 Mon Sep 17 00:00:00 2001 From: "Openverse (Bot)" <101814513+openverse-bot@users.noreply.github.com> Date: Wed, 15 Nov 2023 05:54:35 -0500 Subject: [PATCH] Update dependency axios to v1 [SECURITY] (#3343) * Update dependency axios to v1 [SECURITY] * Fix jest build for axios * Fix axios import for vue-server-renderer https://github.com/axios/axios/issues/5243\#issuecomment-1533941896 * Fix axios mock adapter import --------- Co-authored-by: sarayourfriend <24264157+sarayourfriend@users.noreply.github.com> --- automations/js/package.json | 2 +- frontend/jest.config.js | 3 ++- frontend/nuxt.config.ts | 1 + frontend/package.json | 2 +- pnpm-lock.yaml | 52 ++++++++++++++++--------------------- 5 files changed, 28 insertions(+), 32 deletions(-) diff --git a/automations/js/package.json b/automations/js/package.json index c0ee3ae6d7..8028c20883 100644 --- a/automations/js/package.json +++ b/automations/js/package.json @@ -5,7 +5,7 @@ "version": "0.0.0", "dependencies": { "@octokit/rest": "19.0.7", - "axios": "^0.27.0", + "axios": "^1.0.0", "js-yaml": "^4.1.0", "k6": "0.0.0", "nunjucks": "^3.2.4" diff --git a/frontend/jest.config.js b/frontend/jest.config.js index e158ba2d31..c04870c65b 100644 --- a/frontend/jest.config.js +++ b/frontend/jest.config.js @@ -12,6 +12,7 @@ module.exports = { "^~~/(.*)$": "/$1", "^vue$": "vue/dist/vue.common.js", "(.*svg)(\\?inline)$": "/test/unit/test-utils/svgTransform.js", + "^axios$": "axios/dist/node/axios.cjs", }, setupFiles: ["/test/unit/setup.js"], setupFilesAfterEnv: ["/test/unit/setup-after-env.js"], @@ -22,7 +23,7 @@ module.exports = { "^.+\\.svg$": "/test/unit/svg-transform.js", }, testPathIgnorePatterns: ["/playwright/", "/storybook/", ".remake"], - collectCoverage: true, + collectCoverage: false, coverageDirectory: "/test/unit/coverage", collectCoverageFrom: [ "/src/**/*.vue", diff --git a/frontend/nuxt.config.ts b/frontend/nuxt.config.ts index 734a9a60ad..7c10b5f4e0 100644 --- a/frontend/nuxt.config.ts +++ b/frontend/nuxt.config.ts @@ -261,6 +261,7 @@ const config: NuxtConfig = { // Enables use of IDE debuggers config.devtool = ctx.isClient ? "source-map" : "inline-source-map" }, + transpile: [({ isLegacy }) => (isLegacy ? "axios" : undefined)], }, typescript: { typeCheck: { diff --git a/frontend/package.json b/frontend/package.json index 06b5ebdf8e..0249d2300b 100644 --- a/frontend/package.json +++ b/frontend/package.json @@ -70,7 +70,7 @@ "@vueuse/core": "^10.2.1", "@wordpress/is-shallow-equal": "^4.6.0", "async-mutex": "^0.3.2", - "axios": "^0.27.0", + "axios": "^1.0.0", "axios-mock-adapter": "^1.20.0", "clipboard": "^2.0.11", "cookie-universal-nuxt": "^2.1.5", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 2fb22faf21..95ad0a88bd 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -21,13 +21,13 @@ importers: '@actions/core': ^1.10.0 '@actions/github': ^5.1.1 '@octokit/rest': 19.0.7 - axios: ^0.27.0 + axios: ^1.0.0 js-yaml: ^4.1.0 k6: 0.0.0 nunjucks: ^3.2.4 dependencies: '@octokit/rest': 19.0.7 - axios: 0.27.2 + axios: 1.6.1 js-yaml: 4.1.0 k6: 0.0.0 nunjucks: 3.2.4 @@ -74,7 +74,7 @@ importers: adm-zip: ^0.5.10 async-mutex: ^0.3.2 autoprefixer: ^10.4.16 - axios: ^0.27.0 + axios: ^1.0.0 axios-mock-adapter: ^1.20.0 axios-rate-limit: ^1.3.0 babel-core: ^7.0.0-bridge.0 @@ -139,8 +139,8 @@ importers: '@vueuse/core': 10.2.1_vue@2.7.15 '@wordpress/is-shallow-equal': 4.8.0 async-mutex: 0.3.2 - axios: 0.27.2 - axios-mock-adapter: 1.20.0_axios@0.27.2 + axios: 1.6.1 + axios-mock-adapter: 1.20.0_axios@1.6.1 clipboard: 2.0.11 cookie-universal-nuxt: 2.1.5 core-js: 3.27.2 @@ -186,7 +186,7 @@ importers: '@vue/test-utils': 1.1.3_5bwbnhtkovckcydjgad3t2muke adm-zip: 0.5.10 autoprefixer: 10.4.16_postcss@8.4.31 - axios-rate-limit: 1.3.0_axios@0.27.2 + axios-rate-limit: 1.3.0_axios@1.6.1 babel-core: 7.0.0-bridge.0_@babel+core@7.22.5 babel-jest: 26.6.3_@babel+core@7.22.5 babel-loader: 8.2.5_rf5mwho5nu3s3spznxs3423x5y @@ -8624,7 +8624,7 @@ packages: resolution: {integrity: sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==} engines: {node: '>= 0.6'} dependencies: - mime-types: 2.1.34 + mime-types: 2.1.35 negotiator: 0.6.3 /acorn-globals/6.0.0: @@ -9120,30 +9120,31 @@ packages: resolution: {integrity: sha512-DMD0KiN46eipeziST1LPP/STfDU0sufISXmjSgvVsoU2tqxctQeASejWcfNtxYKqETM1UxQ8sp2OrSBWpHY6sw==} engines: {node: '>= 0.4'} - /axios-mock-adapter/1.20.0_axios@0.27.2: + /axios-mock-adapter/1.20.0_axios@1.6.1: resolution: {integrity: sha512-shZRhTjLP0WWdcvHKf3rH3iW9deb3UdKbdnKUoHmmsnBhVXN3sjPJM6ZvQ2r/ywgvBVQrMnjrSyQab60G1sr2w==} peerDependencies: axios: '>= 0.9.0' dependencies: - axios: 0.27.2 + axios: 1.6.1 fast-deep-equal: 3.1.3 is-blob: 2.1.0 is-buffer: 2.0.5 dev: false - /axios-rate-limit/1.3.0_axios@0.27.2: + /axios-rate-limit/1.3.0_axios@1.6.1: resolution: {integrity: sha512-cKR5wTbU/CeeyF1xVl5hl6FlYsmzDVqxlN4rGtfO5x7J83UxKDckudsW0yW21/ZJRcO0Qrfm3fUFbhEbWTLayw==} peerDependencies: axios: '*' dependencies: - axios: 0.27.2 + axios: 1.6.1 dev: true - /axios/0.27.2: - resolution: {integrity: sha512-t+yRIyySRTp/wua5xEr+z1q60QmLq8ABsS5O9Me1AsE5dfKqgnCFzwiCZZ/cGNd1lq4/7akDWMxdhVlucjmnOQ==} + /axios/1.6.1: + resolution: {integrity: sha512-vfBmhDpKafglh0EldBEbVuoe7DyAavGSLWhuSm5ZSEKQnHhBf0xAAwybbNH1IkrJNGnS/VG4I5yxig1pCEXE4g==} dependencies: - follow-redirects: 1.14.9 + follow-redirects: 1.15.3 form-data: 4.0.0 + proxy-from-env: 1.1.0 transitivePeerDependencies: - debug @@ -10321,7 +10322,7 @@ packages: resolution: {integrity: sha512-AF3r7P5dWxL8MxyITRMlORQNaOA2IkAFaTr4k7BUumjPtRpGDTZpl0Pb1XCO6JeDCBdp126Cgs9sMxqSjgYyRg==} engines: {node: '>= 0.6'} dependencies: - mime-db: 1.51.0 + mime-db: 1.52.0 /compression/1.7.4: resolution: {integrity: sha512-jaSIDzP9pZVS4ZfQ+TzvtiWhdpFhE2RDHz8QJkpX9SIpLq88VueF5jJw6t+6CUQcAoA6t+x89MLrWAqpfDE8iQ==} @@ -13005,8 +13006,8 @@ packages: resolution: {integrity: sha512-Rwix9pBtC1Nuy5wysTmKy+UjbDJpIfg8eHjw0rjZ1mX4GNLz1Bmd16uDpI3Gk1i70Fgcs8Csg2lPm8HULFg9DQ==} dev: false - /follow-redirects/1.14.9: - resolution: {integrity: sha512-MQDfihBQYMcyy5dhRDJUHcw7lb2Pv/TuE6xP1vyraLukNDHKbDxDNaOE3NbCAdKQApno+GPRyo1YAp89yCjK4w==} + /follow-redirects/1.15.3: + resolution: {integrity: sha512-1VzOtuEM8pC9SFU1E+8KfTjZyMztRsgEfwQl44z8A25uy13jSzTj6dyK2Df52iV0vgHCfBwLhDWevLn95w5v6Q==} engines: {node: '>=4.0'} peerDependencies: debug: '*' @@ -13098,7 +13099,7 @@ packages: dependencies: asynckit: 0.4.0 combined-stream: 1.0.8 - mime-types: 2.1.34 + mime-types: 2.1.35 /forwarded/0.2.0: resolution: {integrity: sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==} @@ -13906,7 +13907,7 @@ packages: engines: {node: '>=8.0.0'} dependencies: eventemitter3: 4.0.7 - follow-redirects: 1.14.9 + follow-redirects: 1.15.3 requires-port: 1.0.0 transitivePeerDependencies: - debug @@ -16289,20 +16290,10 @@ packages: bn.js: 4.12.0 brorand: 1.1.0 - /mime-db/1.51.0: - resolution: {integrity: sha512-5y8A56jg7XVQx2mbv1lu49NR4dokRnhZYTtL+KGfaa27uq4pSTXkwQkFJl4pkRMyNFz/EtYDSkiiEHx3F7UN6g==} - engines: {node: '>= 0.6'} - /mime-db/1.52.0: resolution: {integrity: sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==} engines: {node: '>= 0.6'} - /mime-types/2.1.34: - resolution: {integrity: sha512-6cP692WwGIs9XXdOO4++N+7qjqv0rqxxVvJ3VHPh/Sc9mVZcQP+ZGhkKiTvWMQRr2tbHkJP/Yn7Y0npb3ZBs4A==} - engines: {node: '>= 0.6'} - dependencies: - mime-db: 1.51.0 - /mime-types/2.1.35: resolution: {integrity: sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==} engines: {node: '>= 0.6'} @@ -18964,6 +18955,9 @@ packages: ipaddr.js: 1.9.1 dev: true + /proxy-from-env/1.1.0: + resolution: {integrity: sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==} + /prr/1.0.1: resolution: {integrity: sha512-yPw4Sng1gWghHQWj0B3ZggWUm4qVbPwPFcRG8KyxiU7J2OHFSoEHKS+EZ3fv5l1t9CyCiop6l/ZYeWbrgoQejw==}