chore: bump axios version to remediate vulnerability CVE-2022-0155 #11

Merged
merged 1 commit into from Oct 8, 2023

Contributor

@fatwong fatwong commented Mar 9, 2023

Bump axios to eliminate the security vulnerability caused by follow-redirects.

Issue link: axios/axios#4379
Release: https://github.com/axios/axios/releases/tag/v0.25.0

@i-break-codes

Hey, can you please merge the above?

@nicolasdao nicolasdao merged commit ac9e19b into nicolasdao:master Oct 8, 2023
@nicolasdao
Owner

Thanks a lot @fatwong.

@i-break-codes I've just published a new NPM version for this PR (v0.1.5).

@i-break-codes

Thanks. @nicolasdao this is a bit funny: I was developing and realized that my code hadn't been working for the last few hours. It turns out that, as you published a new package, it was fetching the latest bumped-up one. After fetching this update, the package has started throwing the following error:

/Users/vaibhav/work/steamscanner/node_modules/axios/lib/core/Axios.js:40
    throw new Error('Provided config url is not valid');
          ^

Error: Provided config url is not valid
    at Axios.request (/Users/vaibhav/work/proj/node_modules/axios/lib/core/Axios.js:40:11)
    at Axios.<computed> [as post] (/Users/vaibhav/work/proj/node_modules/axios/lib/core/Axios.js:147:17)
    at Function.wrap [as post] (/Users/vaibhav/work/proj/node_modules/axios/lib/helpers/bind.js:9:15)
    at addLogsToStream (/Users/vaibhav/work/proj/node_modules/aws-cloudwatch-log/index.js:137:74)
    at /Users/vaibhav/work/proj/node_modules/aws-cloudwatch-log/index.js:230:7
    at /Users/vaibhav/work/proj/node_modules/aws-cloudwatch-log/index.js:160:127

Node.js v18.5.0

@nicolasdao
Owner

Hi @i-break-codes,

You should probably revert back to installing 0.1.4.

@fatwong
Contributor Author

fatwong commented Jan 5, 2024

Will prepare a pull request to address the issue and bump axios to 0.26.1 (since it's a latest version that covers the fix, with minimal changes).

axios/axios#4407
axios/axios#4426

@nicolasdao @i-break-codes

@fatwong
Contributor Author

fatwong commented Jan 5, 2024

Prepared PR for above issue: #12

@nicolasdao

nicolasdao added a commit that referenced this pull request Jan 5, 2024
chore(deps): bump axios to version 0.26.1, fix issues from #11
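
The thread above ends with two version thresholds for axios: the v0.25.0 release linked in the PR description and the 0.26.1 bump made after the "Provided config url is not valid" report. The following is an added example, not code from this repository or from axios, that walks a `package-lock.json` (v2/v3 `packages` map) and classifies every installed axios copy against those two thresholds, including copies nested under other dependencies. The status names, the sample lockfile and the `some-other-lib` package are constructed for illustration.

```javascript
// Added example (not part of the PR). Both thresholds come from the thread.
const SECURITY_RELEASE = '0.25.0'; // release linked in the PR description
const REGRESSION_FIX = '0.26.1';   // version the follow-up PR moves to

// Compare two plain x.y.z versions (pre-release suffix ignored): -1, 0 or 1.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Status names are hypothetical labels chosen for this example.
function classifyAxios(version) {
  if (compareVersions(version, SECURITY_RELEASE) < 0) return 'predates-security-release';
  if (compareVersions(version, REGRESSION_FIX) < 0) return 'predates-regression-fix';
  return 'ok';
}

// Report every axios copy in a lockfile v2/v3 "packages" map. The anchored
// pattern avoids matching look-alike names such as "axios-retry".
function auditAxios(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!/(^|\/)node_modules\/axios$/.test(path) || !meta.version) continue;
    findings.push({ path, version: meta.version, status: classifyAxios(meta.version) });
  }
  return findings;
}

// Constructed sample lockfile: versions and nesting are illustrative only.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'app', version: '1.0.0' },
    'node_modules/axios': { version: '0.26.1' },
    'node_modules/aws-cloudwatch-log': { version: '0.1.5' },
    'node_modules/aws-cloudwatch-log/node_modules/axios': { version: '0.25.0' },
    'node_modules/some-other-lib/node_modules/axios': { version: '0.21.1' },
    'node_modules/axios-retry': { version: '3.2.0' },
  },
};

for (const f of auditAxios(sampleLock)) console.log(`${f.status}\t${f.version}\t${f.path}`);
```

Running the same audit in CI before and after a dependency bump shows which transitive copy changed, which is how a silently fetched patch release like the one reported here would be noticed.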