Audit fix: upgrading deps #216

Draft
wants to merge 2 commits into
base: main

@fmalk fmalk commented Jul 14, 2024

Axios 0.x has some vulnerabilities. This PR updates and fixes code due to 1.x breaking changes.
Other packages are updated.

This brings npm audit to zero warnings.

fmalk commented Jul 14, 2024

I'm submitting this PR as is but please don't merge yet. I'd like to give it more time to see if nothing was indeed broken.

The axios update seems to be seamless but I can't say it with confidence rn.

I'll comment here when I feel I've tested it enough.

@fmalk fmalk marked this pull request as draft July 14, 2024 17:25

fmalk commented Jul 17, 2024

There is a way to deal with this inconvenience for now.

You can change your package.json to use

  "dependencies": {
    "axios": "^1.7.2"
  },
  "overrides": {
    "tiktok-live-connector": {
      "axios": "$axios"
    }
  }

As long as you're using a recent npm version. This will force this lib to use whatever version of Axios you're currently using.
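
A check that the override in the comment above actually took effect, written as an added example and not code from this PR or the project. It assumes a parsed `package.json` and a `package-lock.json` with a `packages` map (lockfileVersion 2 or 3); the function name, the sample lockfiles and every version other than `^1.7.2` are constructed for illustration.

```javascript
// Added example, not code from the PR. LIB is the library named in the comment above.
const LIB = "tiktok-live-connector";

// pkg: parsed package.json; lock: parsed package-lock.json (lockfileVersion 2 or 3).
// Returns a list of findings; an empty list means the override is effective.
function checkAxiosOverride(pkg, lock) {
  const findings = [];
  // "$axios" refers to the root project's own direct dependency on axios.
  if (!(pkg.dependencies || {}).axios) {
    findings.push('axios is not a direct dependency, so "$axios" has nothing to reference');
  }
  const override = ((pkg.overrides || {})[LIB] || {}).axios;
  if (override !== "$axios") {
    findings.push(`overrides["${LIB}"].axios is ${JSON.stringify(override)}, expected "$axios"`);
  }
  // Walk every installed copy of axios recorded in the lockfile.
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (!path.endsWith("node_modules/axios")) continue;
    const nested = path.startsWith(`node_modules/${LIB}/`);
    const major = Number.parseInt(entry.version, 10);
    if (nested) findings.push(`${path}@${entry.version}: private copy under ${LIB}, override not applied`);
    else if (major < 1) findings.push(`${path}@${entry.version}: still on axios 0.x`);
  }
  return findings;
}

// Constructed sample data: the lockfile entries and their versions are made up.
const SAMPLE_PKG = {
  dependencies: { axios: "^1.7.2", [LIB]: "*" },
  overrides: { [LIB]: { axios: "$axios" } },
};
const LOCK_BEFORE = { lockfileVersion: 3, packages: {
  "node_modules/axios": { version: "1.7.2" },
  [`node_modules/${LIB}`]: { version: "0.0.0-sample" },
  [`node_modules/${LIB}/node_modules/axios`]: { version: "0.27.2" },
} };
const LOCK_AFTER = { lockfileVersion: 3, packages: {
  "node_modules/axios": { version: "1.7.2" },
  [`node_modules/${LIB}`]: { version: "0.0.0-sample" },
} };

console.log("stale lockfile:", checkAxiosOverride(SAMPLE_PKG, LOCK_BEFORE));
console.log("after reinstall:", checkAxiosOverride(SAMPLE_PKG, LOCK_AFTER));
```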
