This repository was archived by the owner on Apr 22, 2022. It is now read-only.

@alrosot alrosot commented May 20, 2021

…rity vulnerabilities

What does this PR do?

Updates two dependencies in order to address security vulnerabilities

Motivation

axios, a development dependency, was suggested to get fixed through `npm audit fix`.

systeminformation:4.22.5, which is the main reason for this PR, is vulnerable to command injection. A fix was applied in version 5.6.7.

alrosot commented May 20, 2021

Apparently those failing steps on circleci are not related to this change. They are also present in master: https://app.circleci.com/pipelines/github/lightstep/ls-trace-js

@alrosot alrosot force-pushed the addressing-vulnerabilities branch 3 times, most recently from c4922a2 to 3a44383 Compare June 4, 2021 05:52
@alrosot alrosot mentioned this pull request Jul 26, 2021

alrosot commented Jul 26, 2021

The tests didn't have an upper bound for tedious versions. And it seems this library only made its compatibility up to version 9.2.3 (version 11x broke it).
So I prepared a spin-off PR with a bit of scope creeping so I could have the tests passing again: #28
