From 7dfc55a20ec257d6eb750768ed3f351ed58caf18 Mon Sep 17 00:00:00 2001 From: ZilongX <99905560+ZilongX@users.noreply.github.com> Date: Tue, 2 Jul 2024 10:12:29 -0700 Subject: [PATCH] [CVE] Bump up axios to 1.7.2 to fix SNYK-JS-AXIOS-6144788 (#7149) * [CVE] Bump up axios to 1.7.2 to fix SNYK-JS-AXIOS-6144788 Signed-off-by: Zilong Xia * Changeset file for PR #7149 created/updated --------- Signed-off-by: Zilong Xia Co-authored-by: opensearch-changeset-bot[bot] <154024398+opensearch-changeset-bot[bot]@users.noreply.github.com> (cherry picked from commit 027122ef196fc958da1a565d6f2f4823d9e0ea44) --- changelogs/fragments/7149.yml | 2 ++ yarn.lock | 21 ++++++--------------- 2 files changed, 8 insertions(+), 15 deletions(-) create mode 100644 changelogs/fragments/7149.yml diff --git a/changelogs/fragments/7149.yml b/changelogs/fragments/7149.yml new file mode 100644 index 000000000000..8a4960b6856c --- /dev/null +++ b/changelogs/fragments/7149.yml @@ -0,0 +1,2 @@ +security: +- [SNYK-JS-AXIOS-6144788] Bump axios to `1.7.2` ([#7149](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/7149)) \ No newline at end of file diff --git a/yarn.lock b/yarn.lock index 07d1a80296a5..40df4e10c215 100644 --- a/yarn.lock +++ b/yarn.lock @@ -4774,21 +4774,12 @@ axe-core@^4.0.2, axe-core@^4.3.5: resolved "https://registry.yarnpkg.com/axe-core/-/axe-core-4.4.1.tgz#7dbdc25989298f9ad006645cd396782443757413" integrity sha512-gd1kmb21kwNuWr6BQz8fv6GNECPBnUasepcoLbekws23NVBLODdsClRZ+bQ8+9Uomf3Sm3+Vwn0oYG9NvwnJCw== -axios@^0.28.0: - version "0.28.0" - resolved "https://registry.yarnpkg.com/axios/-/axios-0.28.0.tgz#801a4d991d0404961bccef46800e1170f8278c89" - integrity sha512-Tu7NYoGY4Yoc7I+Npf9HhUMtEEpV7ZiLH9yndTCoNhcpBH0kwcvFbzYN9/u5QKI5A6uefjsNNWaz5olJVYS62Q== - dependencies: - follow-redirects "^1.15.0" - form-data "^4.0.0" - proxy-from-env "^1.1.0" - -axios@^1.1.3: - version "1.6.7" - resolved "https://registry.yarnpkg.com/axios/-/axios-1.6.7.tgz#7b48c2e27c96f9c68a2f8f31e2ab19f59b06b0a7" - integrity sha512-/hDJGff6/c7u0hDkvkGxR/oy6CbCs8ziCsC7SqmhjfozqiJGc8Z11wrv9z9lYfY4K8l+H9TpjcMDX0xOZmx+RA== +axios@^1.6.1, axios@^1.6.5: + version "1.7.2" + resolved "https://registry.yarnpkg.com/axios/-/axios-1.7.2.tgz#b625db8a7051fbea61c35a3cbb3a1daa7b9c7621" + integrity sha512-2A8QhOMrbomlDuiLeK9XibIBzuHeRcqqNOHp0Cyp5EoJ1IFDh+XZH3A6BkXtv0K4gFGCI0Y4BM7B1wOEi0Rmgw== dependencies: - follow-redirects "^1.15.4" + follow-redirects "^1.15.6" form-data "^4.0.0" proxy-from-env "^1.1.0" @@ -8410,7 +8401,7 @@ focus-lock@^0.10.2: dependencies: tslib "^2.0.3" -follow-redirects@^1.15.0, follow-redirects@^1.15.4, follow-redirects@^1.15.6: +follow-redirects@^1.15.4, follow-redirects@^1.15.6: version "1.15.6" resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.6.tgz#7f815c0cda4249c74ff09e95ef97c23b5fd0399b" integrity sha512-wWN62YITEaOpSK584EZXJafH1AGpO8RVgElfkuXbTOrPX4fIfOyEpW/CsiNd8JdYrAoOvafRTOEnvsO++qCqFA==