Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build(deps): upgrade axios to 0.21.1 due to high severity CVE #449 #508

Merged
merged 1 commit into from
Jan 26, 2021
Merged

build(deps): upgrade axios to 0.21.1 due to high severity CVE #449 #508

merged 1 commit into from
Jan 26, 2021

Conversation

petermetz
Copy link
Contributor

The previous commit attempting to do the same thing
somehow did not achieve the expected outcome meaning
that there were still leftovers of other versions of axios.

For reference: CVE-2020-28168

Fixes #449

Depends on #506 #507

Signed-off-by: Peter Somogyvari peter.somogyvari@accenture.com

@petermetz petermetz added bug Something isn't working dependencies Pull requests that update a dependency file Security Related to existing or potential security vulnerabilities labels Jan 21, 2021
@petermetz petermetz added this to the v0.4.0 milestone Jan 21, 2021
@petermetz petermetz enabled auto-merge (rebase) January 21, 2021 03:31
jonathan-m-hamilton
jonathan-m-hamilton approved these changes Jan 21, 2021
View reviewed changes
Copy link
Contributor

@jonathan-m-hamilton jonathan-m-hamilton left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@petermetz
build(deps): upgrade axios to 0.21.1 due to high severity CVE hyperle…
cbb9e5e 
…dger-cacti#449

The previous commit attempting to do the same thing
somehow did not achieve the expected outcome meaning
that there were still leftovers of other versions of axios.

For reference: CVE-2020-28168

Fixes hyperledger-cacti#449

Depends on hyperledger-cacti#506 hyperledger-cacti#507

Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
@github-actions
Copy link

🎉 Great news! Looks like all the dependencies have been resolved:

💡 To add or remove a dependency please update this issue/PR description.

Brought to you by Dependent Issues (:robot: ). Happy coding!

@petermetz petermetz merged commit 38f7a0f into hyperledger-cacti:main Jan 26, 2021
@petermetz petermetz deleted the fix/security/cve-2020-28168 branch January 26, 2021 02:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jonathan-m-hamilton jonathan-m-hamilton jonathan-m-hamilton approved these changes

@takeutak takeutak takeutak approved these changes

@sfuji822 sfuji822 Awaiting requested review from sfuji822

Assignees
No one assigned
Labels
bug Something isn't working dependencies Pull requests that update a dependency file Security Related to existing or potential security vulnerabilities
Projects
None yet
Milestone
v0.4.0
Development

Successfully merging this pull request may close these issues.

build(deps): upgrade axios to 0.21.1 due to high severity vulnerability
3 participants
@petermetz @jonathan-m-hamilton @takeutak