From ac53fe76165aafe525117c3cb0e5d7f5e43b0dec Mon Sep 17 00:00:00 2001 From: Miki Date: Mon, 18 Mar 2024 21:30:37 -0700 Subject: [PATCH] Bump axios to 0.28.0 in 2.x (#6147) * Bump oui to 1.5.1 (#5862) * bump oui to 1.5.1 Signed-off-by: Ashwin P Chandran * Updates changelog --------- Signed-off-by: Ashwin P Chandran (cherry picked from commit bd75107ef9612f155710fc7217a2d1c5c6713fdb) Signed-off-by: Miki * Bump axios to 0.28.0 Signed-off-by: Miki --------- Signed-off-by: Ashwin P Chandran Signed-off-by: Miki Co-authored-by: Ashwin P Chandran --- CHANGELOG.md | 2 +- packages/osd-dev-utils/package.json | 2 +- .../src/osd_client/osd_client_requester.ts | 2 +- .../src/failed_tests_reporter/github_api.ts | 1 + packages/osd-ui-shared-deps/package.json | 2 +- scripts/postinstall.js | 8 +++++ yarn.lock | 35 ++++++++++--------- 7 files changed, 31 insertions(+), 21 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index dc35a9b4b773..c4ccfa4d6523 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) ### 🛡 Security +- [CVE-2023-45857] Bump `axios` from `0.27.2` to `0.28.0` ([#6147](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/6147)) - [CVE-2024-27088] Bump es5-ext from `0.10.59` to `0.10.64` ([#6021](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/6021)) ### 📈 Features/Enhancements @@ -39,7 +40,6 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) - [WS-2021-0638] Bump mocha from `7.2.0` to `10.1.0` ([#2711](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2711)) - Add support for TLS v1.3 ([#5133](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/5133)) - [CVE-2023-45133] Bump all babel dependencies from `7.16.x` to `7.22.9` to fix upstream vulnerability ([#5428](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/5428)) -- [CVE-2023-45857] Bump `axios` from `0.27.2` to `1.6.1` ([#5470](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/5470)) - [CVE-2023-26159] Bump `follow-redirects` from `1.15.2` to `1.15.4` ([#5669](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/5669)) - [CVE-2020-8203] Bump `cheerio` from `0.22.0` to `1.0.0-rc.1` to fix vulnerable `lodash` dependency ([#5797](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/5797)) diff --git a/packages/osd-dev-utils/package.json b/packages/osd-dev-utils/package.json index 73c66c4009e0..871800b541f8 100644 --- a/packages/osd-dev-utils/package.json +++ b/packages/osd-dev-utils/package.json @@ -15,7 +15,7 @@ "dependencies": { "@babel/core": "^7.22.9", "@osd/utils": "1.0.0", - "axios": "^0.27.2", + "axios": "^0.28.0", "chalk": "^4.1.0", "cheerio": "1.0.0-rc.1", "dedent": "^0.7.0", diff --git a/packages/osd-dev-utils/src/osd_client/osd_client_requester.ts b/packages/osd-dev-utils/src/osd_client/osd_client_requester.ts index effa5da6dd7e..dbda8d19ecda 100644 --- a/packages/osd-dev-utils/src/osd_client/osd_client_requester.ts +++ b/packages/osd-dev-utils/src/osd_client/osd_client_requester.ts @@ -37,7 +37,7 @@ import { ToolingLog } from '../tooling_log'; const isConcliftOnGetError = (error: any) => { return ( - isAxiosResponseError(error) && error.config.method === 'GET' && error.response.status === 409 + isAxiosResponseError(error) && error.config?.method === 'GET' && error.response.status === 409 ); }; diff --git a/packages/osd-test/src/failed_tests_reporter/github_api.ts b/packages/osd-test/src/failed_tests_reporter/github_api.ts index c384d56eb104..311c6ee4134e 100644 --- a/packages/osd-test/src/failed_tests_reporter/github_api.ts +++ b/packages/osd-test/src/failed_tests_reporter/github_api.ts @@ -233,6 +233,7 @@ export class GithubApi { const githubApiFailed = isAxiosResponseError(error) && error.response.status >= 500; const errorResponseLog = isAxiosResponseError(error) && + error.config && `[${error.config.method} ${error.config.url}] ${error.response.status} ${error.response.statusText} Error`; if ((unableToReachGithub || githubApiFailed) && attempt < maxAttempts) { diff --git a/packages/osd-ui-shared-deps/package.json b/packages/osd-ui-shared-deps/package.json index c4cc0b2fae39..8f7777459b01 100644 --- a/packages/osd-ui-shared-deps/package.json +++ b/packages/osd-ui-shared-deps/package.json @@ -16,7 +16,7 @@ "@osd/i18n": "1.0.0", "@osd/monaco": "1.0.0", "abortcontroller-polyfill": "^1.4.0", - "axios": "^0.27.2", + "axios": "^0.28.0", "compression-webpack-plugin": "npm:@amoo-miki/compression-webpack-plugin@4.0.1-rc.1", "core-js": "^3.6.5", "custom-event-polyfill": "^0.3.0", diff --git a/scripts/postinstall.js b/scripts/postinstall.js index 7865473ee494..93f168c164b2 100644 --- a/scripts/postinstall.js +++ b/scripts/postinstall.js @@ -85,6 +85,14 @@ const run = async () => { ]) ); + //Axios's type definition is far too advanced for OSD + promises.push( + patchFile('node_modules/axios/index.d.ts', { + from: '[Key in Method as Lowercase]: AxiosHeaders;', + to: '[Key in Method]: AxiosHeaders;', + }) + ); + await Promise.all(promises); }; diff --git a/yarn.lock b/yarn.lock index b69c779c621b..e796784f6e08 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2810,7 +2810,7 @@ dependencies: defer-to-connect "^2.0.0" -"@testim/chrome-version@^1.1.4": +"@testim/chrome-version@^1.1.3": version "1.1.4" resolved "https://registry.yarnpkg.com/@testim/chrome-version/-/chrome-version-1.1.4.tgz#86e04e677cd6c05fa230dd15ac223fa72d1d7090" integrity sha512-kIhULpw9TrGYnHp/8VfdcneIcxKnLixmADtukQRtJUmsVlMg0niMkwV0xZmi8hqa57xqilIHjWFA0GKvEjVU5g== @@ -4909,20 +4909,21 @@ axe-core@^4.0.2, axe-core@^4.3.5: resolved "https://registry.yarnpkg.com/axe-core/-/axe-core-4.4.1.tgz#7dbdc25989298f9ad006645cd396782443757413" integrity sha512-gd1kmb21kwNuWr6BQz8fv6GNECPBnUasepcoLbekws23NVBLODdsClRZ+bQ8+9Uomf3Sm3+Vwn0oYG9NvwnJCw== -axios@^0.27.2: - version "0.27.2" - resolved "https://registry.yarnpkg.com/axios/-/axios-0.27.2.tgz#207658cc8621606e586c85db4b41a750e756d972" - integrity sha512-t+yRIyySRTp/wua5xEr+z1q60QmLq8ABsS5O9Me1AsE5dfKqgnCFzwiCZZ/cGNd1lq4/7akDWMxdhVlucjmnOQ== +axios@^0.28.0: + version "0.28.0" + resolved "https://registry.yarnpkg.com/axios/-/axios-0.28.0.tgz#801a4d991d0404961bccef46800e1170f8278c89" + integrity sha512-Tu7NYoGY4Yoc7I+Npf9HhUMtEEpV7ZiLH9yndTCoNhcpBH0kwcvFbzYN9/u5QKI5A6uefjsNNWaz5olJVYS62Q== dependencies: - follow-redirects "^1.14.9" + follow-redirects "^1.15.0" form-data "^4.0.0" + proxy-from-env "^1.1.0" axios@^1.1.3: - version "1.2.0" - resolved "https://registry.yarnpkg.com/axios/-/axios-1.2.0.tgz#1cb65bd75162c70e9f8d118a905126c4a201d383" - integrity sha512-zT7wZyNYu3N5Bu0wuZ6QccIf93Qk1eV8LOewxgjOZFd2DenOs98cJ7+Y6703d0wkaXGY6/nZd4EweJaHz9uzQw== + version "1.6.7" + resolved "https://registry.yarnpkg.com/axios/-/axios-1.6.7.tgz#7b48c2e27c96f9c68a2f8f31e2ab19f59b06b0a7" + integrity sha512-/hDJGff6/c7u0hDkvkGxR/oy6CbCs8ziCsC7SqmhjfozqiJGc8Z11wrv9z9lYfY4K8l+H9TpjcMDX0xOZmx+RA== dependencies: - follow-redirects "^1.15.0" + follow-redirects "^1.15.4" form-data "^4.0.0" proxy-from-env "^1.1.0" @@ -5783,7 +5784,7 @@ chromedriver@^107.0.3: extract-zip "^2.0.1" https-proxy-agent "^5.0.1" proxy-from-env "^1.1.0" - tcp-port-used "^1.0.2" + tcp-port-used "^1.0.1" ci-info@^3.2.0: version "3.3.0" @@ -6107,10 +6108,10 @@ compare-versions@3.5.1: resolved "https://registry.yarnpkg.com/compare-versions/-/compare-versions-3.5.1.tgz#26e1f5cf0d48a77eced5046b9f67b6b61075a393" integrity sha512-9fGPIB7C6AyM18CJJBHt5EnCZDG3oiTJYy0NjfIAGjKpzv0tkxWko7TNQHF5ymqm7IH03tqmeuBxtvD+Izh6mg== -compare-versions@^6.1.0: - version "6.1.0" - resolved "https://registry.yarnpkg.com/compare-versions/-/compare-versions-6.1.0.tgz#3f2131e3ae93577df111dba133e6db876ffe127a" - integrity sha512-LNZQXhqUvqUTotpZ00qLSaify3b4VFD588aRr8MKFw4CMUr98ytzCW5wDH5qx/DEY5kCDXcbcRuCqL0szEf2tg== +compare-versions@^5.0.1: + version "5.0.3" + resolved "https://registry.yarnpkg.com/compare-versions/-/compare-versions-5.0.3.tgz#a9b34fea217472650ef4a2651d905f42c28ebfd7" + integrity sha512-4UZlZP8Z99MGEY+Ovg/uJxJuvoXuN4M6B3hKaiackiHrgzQFEe3diJi1mf1PNHbFujM7FvLrK2bpgIaImbtZ1A== component-emitter@^1.2.1, component-emitter@^1.3.0: version "1.3.0" @@ -8827,7 +8828,7 @@ focus-lock@^0.10.2: dependencies: tslib "^2.0.3" -follow-redirects@^1.14.9, follow-redirects@^1.15.4: +follow-redirects@^1.15.0, follow-redirects@^1.15.4: version "1.15.4" resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.4.tgz#cdc7d308bf6493126b17ea2191ea0ccf3e535adf" integrity sha512-Cr4D/5wlrb0z9dgERpUL3LrmPKVDsETIJhaCMeDfuFYcqa5bldGV6wBsAN6X/vxlXQtFBMrXdXxdL8CbDTGniw== @@ -16820,7 +16821,7 @@ tar@^6.0.2, tar@^6.1.11: mkdirp "^1.0.3" yallist "^4.0.0" -tcp-port-used@^1.0.1: +tcp-port-used@^1.0.2: version "1.0.2" resolved "https://registry.yarnpkg.com/tcp-port-used/-/tcp-port-used-1.0.2.tgz#9652b7436eb1f4cfae111c79b558a25769f6faea" integrity sha512-l7ar8lLUD3XS1V2lfoJlCBaeoaWo/2xfYt81hM7VlvR4RrMVFqfmzfhLVk40hAb368uitje5gPtBRL1m/DGvLA==