Upgrade Axios to fix security vulnerability #13542

Merged
merged 1 commit into from
Jan 16, 2021

@mraible mraible commented Jan 15, 2021

Upgrade Axios to fix a security vulnerability.

Even after this update, there's still a lot of React dependencies that are out-of-date. If you run npm-check-updates in generators/client/templates/react, you'll see the list of outdated dependencies.

 @fortawesome/fontawesome-svg-core     1.2.30  →    1.2.34
 @fortawesome/free-solid-svg-icons     5.14.0  →    5.15.2
 @fortawesome/react-fontawesome        0.1.12  →    0.1.14
 bootstrap                              4.4.1  →     4.5.3
 bootswatch                             4.3.1  →     4.5.3
 lodash                               4.17.15  →   4.17.20
 react-redux                            7.2.0  →     7.2.2
 react-redux-loading-bar                4.6.0  →     5.0.0
 react-router-dom                       5.1.2  →     5.2.0
 react-toastify                         5.5.0  →     6.2.0
 react-transition-group                 4.3.0  →     4.4.1
 reactstrap                             8.6.0  →     8.8.1
 redux-devtools                         3.5.0  →     3.7.0
 redux-devtools-dock-monitor            1.1.3  →     1.2.0
 redux-devtools-log-monitor             1.4.0  →     2.1.0
 tslib                                 1.11.1  →     2.1.0
 uuid                                   7.0.3  →     8.3.2
 @testing-library/react                10.4.8  →    11.2.3
 @types/jest                          26.0.10  →   26.0.20
 @types/lodash                       4.14.150  →  4.14.167
 @types/node                          13.13.4  →  14.14.21
 @types/react                         16.9.34  →    17.0.0
 @types/react-dom                      16.9.6  →    17.0.0
 @types/react-redux                     7.1.7  →    7.1.15
 @types/react-router-dom                5.1.5  →     5.1.7
 @types/webpack-env                    1.15.2  →    1.16.0
 @typescript-eslint/eslint-plugin       4.8.0  →    4.13.0
 @typescript-eslint/parser              4.8.0  →    4.13.0
 autoprefixer                           9.7.6  →    10.2.1
 browser-sync                          2.26.7  →   2.26.13
 browser-sync-webpack-plugin            2.2.2  →     2.3.0
 copy-webpack-plugin                    6.0.3  →     7.0.0
 core-js                                3.6.5  →     3.8.2
 cross-env                              7.0.2  →     7.0.3
 css-loader                             3.5.3  →     5.0.1
 eslint                                7.13.0  →    7.17.0
 eslint-config-prettier                6.15.0  →     7.1.0
 eslint-plugin-react                   7.21.5  →    7.22.0
 eslint-webpack-plugin                  2.3.0  →     2.4.1
 file-loader                            6.0.0  →     6.2.0
 fork-ts-checker-webpack-plugin         4.1.3  →     6.1.0
 html-webpack-plugin                    4.3.0  →     4.5.1
 jest                                  26.4.2  →    26.6.3
 jest-junit                            11.1.0  →    12.0.0
 mini-css-extract-plugin                0.9.0  →     1.3.4
 optimize-css-assets-webpack-plugin     5.0.3  →     5.0.4
 postcss-loader                         3.0.0  →     4.1.0
 sass                                  1.26.5  →    1.32.4
 sass-loader                            8.0.2  →    10.1.1
 sinon                                  9.0.2  →     9.2.3
 source-map-loader                      0.2.4  →     2.0.0
 style-loader                           1.2.0  →     2.0.0
 swagger-ui-dist                       3.25.1  →    3.40.0
 terser-webpack-plugin                  2.3.6  →     5.1.1
 thread-loader                          2.1.3  →     3.0.1
 ts-jest                               26.4.3  →    26.4.4
 ts-loader                              7.0.1  →    8.0.14
 webpack                               4.46.0  →    5.14.0
 webpack-cli                           3.3.11  →     4.3.1
 webpack-dev-server                    3.10.3  →    3.11.2
 webpack-merge                          5.0.9  →     5.7.3
 webpack-notifier                       1.8.0  →    1.12.0
 workbox-webpack-plugin                 5.1.3  →     6.0.2

Please make sure the below checklist is followed for Pull Requests.

@mraible mraible requested a review from qmonmert January 15, 2021 18:40

mraible commented Jan 15, 2021

@qmonmert What do you think about the other React dependencies that are out of date? Should we upgrade them?

@qmonmert

> @qmonmert What do you think about the other React dependencies that are out of date? Should we upgrade them?

I think that this PR #13535 should upgrade a lot of dependencies; after that we will see.

@pascalgrimaud pascalgrimaud merged commit 8753793 into jhipster:main Jan 16, 2021
@pascalgrimaud pascalgrimaud added this to the 7.0.0-beta.1 milestone Jan 16, 2021