build(deps): upgrade axios to 0.21.1 due to high severity vulnerability #449
Labels
dependencies
Pull requests that update a dependency file
Security
Related to existing or potential security vulnerabilities
petermetz added the dependencies and Security labels on Jan 6, 2021
petermetz changed the title from "chore(deps): upgrade axios to 0.21.1 due to high severity vulnerability" to "build(deps): upgrade axios to 0.21.1 due to high severity vulnerability" on Jan 6, 2021
petermetz added a commit to petermetz/cacti that referenced this issue on Jan 6, 2021
Done due to a high severity vulnerability Fixes hyperledger-cacti#449 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
petermetz added a commit to petermetz/cacti that referenced this issue on Jan 6, 2021
Done due to a high severity vulnerability Also adding axios as a dependency to cactus-test-plugin-ledger-connector-besu which seems to have been missing so far. Fixes hyperledger-cacti#449 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
petermetz added a commit to petermetz/cacti that referenced this issue on Jan 8, 2021
Done due to a high severity vulnerability Also adding axios as a dependency to cactus-test-plugin-ledger-connector-besu which seems to have been missing so far. Fixes hyperledger-cacti#449 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
petermetz added a commit to petermetz/cacti that referenced this issue on Jan 8, 2021
Done due to a high severity vulnerability Also adding axios as a dependency to cactus-test-plugin-ledger-connector-besu which seems to have been missing so far. Fixes hyperledger-cacti#449 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
petermetz added a commit that referenced this issue on Jan 8, 2021
Done due to a high severity vulnerability Also adding axios as a dependency to cactus-test-plugin-ledger-connector-besu which seems to have been missing so far. Fixes #449 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
petermetz added a commit to petermetz/cacti that referenced this issue on Jan 21, 2021
…dger-cacti#449 The previous commit attempting to do the same thing somehow did not achieve the expected outcome meaning that there were still leftovers of other versions of axios. For reference: CVE-2020-28168 Fixes hyperledger-cacti#449 Depends on hyperledger-cacti#506 hyperledger-cacti#507 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
Reopening because of leftover dependency declarations that were missed in the previous PR (or were introduced on other branches in the meantime, not actually sure)
petermetz added a commit to petermetz/cacti that referenced this issue on Jan 26, 2021
…dger-cacti#449 The previous commit attempting to do the same thing somehow did not achieve the expected outcome meaning that there were still leftovers of other versions of axios. For reference: CVE-2020-28168 Fixes hyperledger-cacti#449 Depends on hyperledger-cacti#506 hyperledger-cacti#507 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
petermetz added a commit that referenced this issue on Jan 26, 2021
The previous commit attempting to do the same thing somehow did not achieve the expected outcome meaning that there were still leftovers of other versions of axios. For reference: CVE-2020-28168 Fixes #449 Depends on #506 #507 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
ghost pushed a commit to kikoncuo/cactus that referenced this issue on Jan 29, 2021
…dger-cacti#449 The previous commit attempting to do the same thing somehow did not achieve the expected outcome meaning that there were still leftovers of other versions of axios. For reference: CVE-2020-28168 Fixes hyperledger-cacti#449 Depends on hyperledger-cacti#506 hyperledger-cacti#507 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
ghost pushed a commit to kikoncuo/cactus that referenced this issue on Feb 4, 2021
…dger-cacti#449 The previous commit attempting to do the same thing somehow did not achieve the expected outcome meaning that there were still leftovers of other versions of axios. For reference: CVE-2020-28168 Fixes hyperledger-cacti#449 Depends on hyperledger-cacti#506 hyperledger-cacti#507 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com> Signed-off-by: Jordi Giron <jordi.giron.amezcua@accenture.com>
Description
As a maintainer I want to have our dependencies updated to their (mostly) secure versions so that I can sleep at night.
https://nvd.nist.gov/vuln/detail/CVE-2020-28168
Acceptance Criteria
cc: @sfuji822 @takeutak @hartm @jonathan-m-hamilton
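
The issue was reopened because older axios copies were still declared after the first upgrade. As an added example (not code from the cacti repository), this sketch lists every resolved copy of axios in a parsed `package-lock.json` that is below the 0.21.1 target from the title. The function names, the sample lockfile and the package name `some-sdk` are assumptions made for illustration.

```javascript
// Minimum axios version this issue upgrades to (from the issue title).
const MIN_AXIOS = '0.21.1';

// Compare plain x.y.z versions; returns <0, 0 or >0. Pre-release tags are
// ignored, and non-semver specs (git URLs, file: paths) compare as NaN.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Collect every installed copy of `name` from a parsed package-lock.json.
// Handles lockfileVersion 1 (nested "dependencies") and 2/3 (flat "packages").
function findInstalled(lock, name) {
  const hits = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      const isCopy = path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`);
      if (isCopy && meta.version) hits.push({ path, version: meta.version });
    }
    return hits;
  }
  const walk = (deps, trail) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const path = [...trail, dep].join(' > ');
      if (dep === name) hits.push({ path, version: meta.version });
      walk(meta.dependencies, [...trail, dep]);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Copies older than the required minimum are the "leftovers" to chase down.
function findLeftovers(lock, name = 'axios', min = MIN_AXIOS) {
  return findInstalled(lock, name).filter(h => compareVersions(h.version, min) < 0);
}

// Constructed sample (v1 layout): the top-level copy is upgraded, but a nested
// copy under the hypothetical package "some-sdk" is still on 0.19.2.
const sampleLock = { dependencies: {
  axios: { version: '0.21.1' },
  'some-sdk': { version: '1.0.0', dependencies: { axios: { version: '0.19.2' } } },
} };

console.log(findLeftovers(sampleLock));
```

In a monorepo, run the check against each package's lockfile as well as the root one, since a single upgraded `package.json` does not remove copies resolved elsewhere.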