bumped axios version, ran npm install, pushing updates up #275
Vulnerable Libraries (5)
@bamohan, I don't have a lob api key to run tests locally. Could you help me verify that tests are still passing? Also, the security issues found by guardrails are for dev dependencies. Could these be overlooked for this PR?
I ran the tests on the PR and it looks like the upgrade does have some breaking changes. Could you take a look? You should be able to see the breaking tests on the PR; let me know if not.
@bamohan @ronakshahlob Heya, I did an update to Steve's patch here. Due to how Axios changed packaging with cjs, Jest 27 is not able to understand that. We could add a hack/exception, but the easier solution is to just update that to Jest 29. So I did that and verified that npm test works locally now. Thanks!
Any update here? It would be nice to remove vulnerabilities
So you were able to test locally, no breaking changes from axios? If yes, good to merge.
I think we should also bump up this package's version from "version": "1.3.3", to 1.3.4
All tests passed; we used the update in our code as well with no issues. However, that's not to say we exercise all the functionality, but it seemed ok. Feel free to bump the version as appropriate after merging so you can release :)
Hello @stbarillas @amaan-lob @BennyKitchell
Also requesting this, axios is showing up in our vulnerability scans from @lob/lob-typescript-sdk
I will publish
ended up publishing version
Description
Small PR
Bumping Axios version to address vulnerability
Verify