Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Remove CVE-2023-45857 vulnerability #1379

Merged
merged 7 commits into from
Aug 29, 2024
Merged

fix: Remove CVE-2023-45857 vulnerability #1379

merged 7 commits into from
Aug 29, 2024

Conversation

JhontSouth
Copy link
Collaborator

#minor

Description

This PR updates the version of the package axios to ^1.6.0 and avoids the CVE-2023-45857 vulnerability.
The new axios version required some adjustments to work with new Typescript versions as well.

Specific Changes

  • Updated axios from 0.24.0 to ^1.6.0.
  • Updated @oclif/command from ~1.5.19 to ~1.8.36.
  • Updated @types/node to version ^11.3.7.
  • Updated ts-node from ^9.0.0 to ^10.8.1.
  • Updated typescript to version ^4.9.5.
  • Fixed some code pieces to work with new TypeScript rules.
  • Added useUnknownInCatchVariables property in the tsconfig files.

Testing

The following image shows the coverage tests working after the changes.
image

@JhontSouth
Copy link
Collaborator Author

@tracyboehrer conflicts resolved

@tracyboehrer tracyboehrer merged commit bf3fdb6 into main Aug 29, 2024
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tracyboehrer tracyboehrer tracyboehrer approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@JhontSouth @tracyboehrer