Skip to content

Commit

Permalink
[CVE] Bumps chromedriver to v100 and axios to v0.27.2 (#1552)
Browse files Browse the repository at this point in the history
* Addresses CVE-2022-1214
* Bumps and resolves `axios` to ^0.27.2 to address CVE
  * [CHANGELOG](https://github.com/axios/axios/blob/master/CHANGELOG.md)
* Bumps `chromedriver` to v100 to match GitHub actions

Signed-off-by: Bishoy Boktor <boktorbb@amazon.com>
  • Loading branch information
Bishoy Boktor authored May 6, 2022
1 parent 40a72f2 commit cba0764
Show file tree
Hide file tree
Showing 4 changed files with 21 additions and 19 deletions.
3 changes: 2 additions & 1 deletion package.json
Original file line number Diff line number Diff line change
Expand Up @@ -81,6 +81,7 @@
"**/@types/node": "^14.17.32",
"**/ansi-regex": "^5.0.1",
"**/async": "^3.2.3",
"**/axios": "^0.27.2",
"**/glob-parent": "^6.0.0",
"**/hoist-non-react-statics": "^3.3.2",
"**/json-schema": "^0.4.0",
Expand Down Expand Up @@ -338,7 +339,7 @@
"chai": "3.5.0",
"chance": "1.0.18",
"cheerio": "0.22.0",
"chromedriver": "^91.0.1",
"chromedriver": "^100.0.0",
"classnames": "2.3.1",
"compare-versions": "3.5.1",
"d3": "3.5.17",
Expand Down
2 changes: 1 addition & 1 deletion packages/osd-dev-utils/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@
"dependencies": {
"@babel/core": "^7.16.5",
"@osd/utils": "1.0.0",
"axios": "^0.21.4",
"axios": "^0.27.2",
"chalk": "^4.1.0",
"cheerio": "0.22.0",
"dedent": "^0.7.0",
Expand Down
2 changes: 1 addition & 1 deletion packages/osd-ui-shared-deps/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@
"@osd/monaco": "1.0.0",
"abortcontroller-polyfill": "^1.4.0",
"angular": "^1.8.2",
"axios": "^0.21.4",
"axios": "^0.27.2",
"compression-webpack-plugin": "^4.0.0",
"core-js": "^3.6.5",
"custom-event-polyfill": "^0.3.0",
Expand Down
33 changes: 17 additions & 16 deletions yarn.lock
Original file line number Diff line number Diff line change
Expand Up @@ -2628,7 +2628,7 @@
dependencies:
defer-to-connect "^2.0.0"

"@testim/chrome-version@^1.0.7":
"@testim/chrome-version@^1.1.2":
version "1.1.2"
resolved "https://registry.yarnpkg.com/@testim/chrome-version/-/chrome-version-1.1.2.tgz#092005c5b77bd3bb6576a4677110a11485e11864"
integrity sha512-1c4ZOETSRpI0iBfIFUqU4KqwBAB2lHUAlBjZz/YqOHqwM9dTTzjV6Km0ZkiEiSCx/tLr1BtESIKyWWMww+RUqw==
Expand Down Expand Up @@ -4775,12 +4775,13 @@ axe-core@^4.0.2, axe-core@^4.3.5:
resolved "https://registry.yarnpkg.com/axe-core/-/axe-core-4.4.1.tgz#7dbdc25989298f9ad006645cd396782443757413"
integrity sha512-gd1kmb21kwNuWr6BQz8fv6GNECPBnUasepcoLbekws23NVBLODdsClRZ+bQ8+9Uomf3Sm3+Vwn0oYG9NvwnJCw==

axios@^0.21.1, axios@^0.21.4:
version "0.21.4"
resolved "https://registry.yarnpkg.com/axios/-/axios-0.21.4.tgz#c67b90dc0568e5c1cf2b0b858c43ba28e2eda575"
integrity sha512-ut5vewkiu8jjGBdqpM44XxjuCjq9LAKeHVmoVfHVzy8eHgxxq8SbAVQNovDA8mVi05kP0Ea/n/UzcSHcTJQfNg==
axios@^0.24.0, axios@^0.27.2:
version "0.27.2"
resolved "https://registry.yarnpkg.com/axios/-/axios-0.27.2.tgz#207658cc8621606e586c85db4b41a750e756d972"
integrity sha512-t+yRIyySRTp/wua5xEr+z1q60QmLq8ABsS5O9Me1AsE5dfKqgnCFzwiCZZ/cGNd1lq4/7akDWMxdhVlucjmnOQ==
dependencies:
follow-redirects "^1.14.0"
follow-redirects "^1.14.9"
form-data "^4.0.0"

axobject-query@^2.2.0:
version "2.2.0"
Expand Down Expand Up @@ -5686,13 +5687,13 @@ chrome-trace-event@^1.0.2:
resolved "https://registry.yarnpkg.com/chrome-trace-event/-/chrome-trace-event-1.0.3.tgz#1015eced4741e15d06664a957dbbf50d041e26ac"
integrity sha512-p3KULyQg4S7NIHixdwbGX+nFHkoBiA4YQmyWtjb8XngSKV124nJmRysgAeujbUVb15vh+RvFUfCPqU7rXk+hZg==

chromedriver@^91.0.1:
version "91.0.1"
resolved "https://registry.yarnpkg.com/chromedriver/-/chromedriver-91.0.1.tgz#4d70a569901e356c978a41de3019c464f2a8ebd0"
integrity sha512-9LktpHiUxM4UWUsr+jI1K1YKx2GENt6BKKJ2mibPj1Wc6ODzX/3fFIlr8CZ4Ftuyga+dHTTbAyPWKwKvybEbKA==
chromedriver@^100.0.0:
version "100.0.0"
resolved "https://registry.yarnpkg.com/chromedriver/-/chromedriver-100.0.0.tgz#1b4bf5c89cea12c79f53bc94d8f5bb5aa79ed7be"
integrity sha512-oLfB0IgFEGY9qYpFQO/BNSXbPw7bgfJUN5VX8Okps9W2qNT4IqKh5hDwKWtpUIQNI6K3ToWe2/J5NdpurTY02g==
dependencies:
"@testim/chrome-version" "^1.0.7"
axios "^0.21.1"
"@testim/chrome-version" "^1.1.2"
axios "^0.24.0"
del "^6.0.0"
extract-zip "^2.0.1"
https-proxy-agent "^5.0.0"
Expand Down Expand Up @@ -8739,10 +8740,10 @@ focus-lock@^0.10.2:
dependencies:
tslib "^2.0.3"

follow-redirects@^1.14.0:
version "1.14.9"
resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.14.9.tgz#dd4ea157de7bfaf9ea9b3fbd85aa16951f78d8d7"
integrity sha512-MQDfihBQYMcyy5dhRDJUHcw7lb2Pv/TuE6xP1vyraLukNDHKbDxDNaOE3NbCAdKQApno+GPRyo1YAp89yCjK4w==
follow-redirects@^1.14.9:
version "1.15.0"
resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.0.tgz#06441868281c86d0dda4ad8bdaead2d02dca89d4"
integrity sha512-aExlJShTV4qOUOL7yF1U5tvLCB0xQuudbf6toyYA0E/acBNw71mvjFTnLaRp50aQaYocMR0a/RMMBIHeZnGyjQ==

font-awesome@4.7.0:
version "4.7.0"
Expand Down

0 comments on commit cba0764

Please sign in to comment.