fix(deps): upgrade axios and typescript #288
Conversation
|
I uncovered an issue with this upgrade and multi-part/form-data: There is a hack to get around it, but the official fix isn't merged yet so I'm going to undo my usage of the axios upgrade until an official fix is available. I'll try to remember to update the PR when fixed. |
|
Thanks @jeremyadavis for the PR |
|
@jeremyadavis you should try bumping the version of axios to |
axios 0.27.0 refactored their error handling which broke a few tests
|
I upgrade axios to Notably, axios 0.27.0 had refactored their error handling which broke a couple of tests that had expected null responses, that now have explicit error strings. |
|
Any update on this one ? thank you ! |
|
Could someone please merge and release this? It has been months since it was opened. |
|
@infinitered-circleci @jamonholmgren Thank you |
|
What's the status on this? |
|
Any chance this could be merged and released? Perhaps labeled as beta for a while? |
|
Any update ? |
|
When this PR can be merged? upgrading axios lib version will fix CVE-2022-0155 and CVE-2022-0536. |
|
@infinitered-circleci any one can merge this? thanks |
|
Pretty please @jamonholmgren, is anyone on your team able to merge this? Or should we move on from apisauce? That's ok, but would be good to know. |
|
Hey folks, I'll take a look at this. Kinda slipped off my radar. Not enough people tagged me 😂 |
# [3.0.0](v2.1.6...v3.0.0) (2023-03-08) ### Bug Fixes * **.circleci:** Add infinitered-npm-package context ([abfba3a](abfba3a)) * **circleci:** Set context in proper place ([#306](#306)) ([6702d84](6702d84)) ### Features * **deps:** upgrade axios and typescript ([#288](#288) by [@jeremyadavis](https://github.com/jeremyadavis)) ([a1ae536](a1ae536)) ### BREAKING CHANGES * **deps:** upgrades axios to latest version [with some breaking changes](https://github.com/axios/axios/blob/main/CHANGELOG.md) (shouldn't have an effect on most projects but we are releasing as a breaking change to be safe)
|
🎉 This PR is included in version 3.0.0 🎉 The release is available on: Your semantic-release bot 📦🚀 |
|
@jeremyadavis Thanks a ton for sending in this PR, and for your patience. We've been focusing on Ignite and Reactotron lately, but apisauce is on our list to revive at some point. |
This fixes vulnerabilities in the axios library: CVE-2022-0155 and CVE-2022-0536.
There are a couple of things to consider if this PR is worth merging:
TBH, I don't understand why the tsconfig doesn't exclude node_modules, so maybe that's the better approach unless I'm missing something.
I tested this locally with my company's iOS and Android app and saw no issues. I did not test on the web.
Fixes: #287