From 68756835c1ee421553c9e5323c53b6e6250c475b Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sat, 28 Oct 2023 05:24:37 +0000 Subject: [PATCH 1/2] fix: packages/connect-session/package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AXIOS-6032459 --- packages/connect-session/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/connect-session/package.json b/packages/connect-session/package.json index eebbf0221d..afaf21f228 100644 --- a/packages/connect-session/package.json +++ b/packages/connect-session/package.json @@ -37,7 +37,7 @@ "commit": "yarn test --coverage --no-cache --silent --forceExit --detectOpenHandles --runInBand --watch=false && jest-coverage-badges --input src/tests/coverage/coverage-summary.json --output src/tests/badges && yarn lint --fix && yarn check" }, "dependencies": { - "axios": "^0.27.2", + "axios": "^1.6.0", "base-64": "^1.0.0", "idtoken-verifier": "^2.2.3", "isomorphic-fetch": "^3.0.0", From beee5dd2ac5682454a446fd8739c6cbfdaa9378b Mon Sep 17 00:00:00 2001 From: Ashleigh Simonelli Date: Tue, 31 Oct 2023 15:40:32 +0000 Subject: [PATCH 2/2] chore: updated axios for connect session --- yarn.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/yarn.lock b/yarn.lock index 726d709d7e..50945b9f67 100644 --- a/yarn.lock +++ b/yarn.lock @@ -11554,7 +11554,7 @@ __metadata: "@types/base-64": "npm:^1.0.0" "@typescript-eslint/eslint-plugin": "npm:^5.59.7" "@typescript-eslint/parser": "npm:^5.59.7" - axios: "npm:^0.27.2" + axios: "npm:^1.6.0" babel-jest: "npm:^29.5.0" base-64: "npm:^1.0.0" concurrently: "npm:^6.5.1"