fix(deps): update dependency axios to v1.7.4 [security] (#2063)

* fix(deps): update dependency axios to v1.7.4 [security] Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency axios to v1.7.4 [security] Signed-off-by: Marek Libra <mlibra@redhat.com> * Unify axios instance used by the jest tests Signed-off-by: Marek Libra <mlibra@redhat.com> * Update yarn.lock Signed-off-by: Marek Libra <mlibra@redhat.com> * Add --passWithNoTests to orchestrator-form-react Signed-off-by: Marek Libra <mlibra@redhat.com> * Update axios to 1.7.4 in kiali-backend/dist-dynamic Signed-off-by: Marek Libra <mlibra@redhat.com> * Update axios to 1.7.4 in orchestrator-backend/dist-dynamic Signed-off-by: Marek Libra <mlibra@redhat.com> * Update axios to 1.7.4 in servicenow-actions/dist-dynamic Signed-off-by: Marek Libra <mlibra@redhat.com> * Update axios to 1.7.4 in feedback-backend/dist-dynamic Signed-off-by: Marek Libra <mlibra@redhat.com> --------- Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Marek Libra <mlibra@redhat.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
janus-idp · Aug 19, 2024 · f913d7d · f913d7d
1 parent 03cfe54
commit f913d7d
Show file tree

Hide file tree

Showing 20 changed files with 57 additions and 38 deletions.
diff --git a/plugins/feedback-backend/dist-dynamic/package.json b/plugins/feedback-backend/dist-dynamic/package.json
@@ -30,7 +30,7 @@
   "scripts": {},
   "dependencies": {
     "@types/express": "*",
-    "axios": "^1.6.4",
+    "axios": "^1.7.4",
     "express": "^4.17.1",
     "express-promise-router": "^4.1.0",
     "knex": "^3.1.0",

diff --git a/plugins/feedback-backend/dist-dynamic/yarn.lock b/plugins/feedback-backend/dist-dynamic/yarn.lock
diff --git a/plugins/feedback-backend/package.json b/plugins/feedback-backend/package.json
@@ -52,7 +52,7 @@
     "@backstage/catalog-model": "^1.5.0",
     "@backstage/config": "^1.2.0",
     "@types/express": "*",
-    "axios": "^1.6.4",
+    "axios": "^1.7.4",
     "express": "^4.17.1",
     "express-promise-router": "^4.1.0",
     "knex": "^3.1.0",

diff --git a/plugins/feedback/package.json b/plugins/feedback/package.json
@@ -40,7 +40,7 @@
     "@mui/icons-material": "^5.15.18",
     "@mui/material": "^5.15.18",
     "@one-platform/opc-feedback": "0.1.1-alpha",
-    "axios": "^1.6.4",
+    "axios": "^1.7.4",
     "react-use": "^17.2.4"
   },
   "peerDependencies": {

diff --git a/plugins/kiali-backend/dist-dynamic/package.json b/plugins/kiali-backend/dist-dynamic/package.json
@@ -30,7 +30,7 @@
   "scripts": {},
   "configSchema": "config.d.ts",
   "dependencies": {
-    "axios": "^1.6.0",
+    "axios": "^1.7.4",
     "express": "^4.18.2",
     "express-promise-router": "^4.1.1",
     "moment": "^2.29.4",

diff --git a/plugins/kiali-backend/dist-dynamic/yarn.lock b/plugins/kiali-backend/dist-dynamic/yarn.lock
diff --git a/plugins/kiali-backend/package.json b/plugins/kiali-backend/package.json
@@ -54,7 +54,7 @@
     "@backstage/plugin-auth-node": "^0.4.17",
     "@backstage/plugin-catalog-node": "^1.12.4",
     "@backstage/backend-dynamic-feature-service": "^0.2.15",
-    "axios": "^1.6.0",
+    "axios": "^1.7.4",
     "express": "^4.18.2",
     "express-promise-router": "^4.1.1",
     "moment": "^2.29.4",

diff --git a/plugins/kiali/package.json b/plugins/kiali/package.json
@@ -50,7 +50,7 @@
     "@patternfly/react-topology": "5.1.0",
     "@types/regression": "^2.0.6",
     "ace-builds": "^1.32.7",
-    "axios": "^1.5.1",
+    "axios": "^1.7.4",
     "cytoscape": "3.29.2",
     "d3-format": "^3.1.0",
     "deep-freeze": "0.0.1",

diff --git a/plugins/matomo/package.json b/plugins/matomo/package.json
@@ -41,7 +41,7 @@
     "@mui/icons-material": "^5.15.18",
     "@mui/material": "^5.15.18",
     "@tanstack/react-query": "^4.36.1",
-    "axios": "^1.6.0",
+    "axios": "^1.7.4",
     "react-use": "^17.4.0",
     "recharts": "^2.9.0"
   },

diff --git a/plugins/orchestrator-backend/dist-dynamic/package.json b/plugins/orchestrator-backend/dist-dynamic/package.json
@@ -63,7 +63,7 @@
     "yn": "^5.0.0",
     "@severlessworkflow/sdk-typescript": "^3.0.3",
     "js-yaml": "^4.1.0",
-    "axios": "^1.6.8"
+    "axios": "^1.7.4"
   },
   "devDependencies": {},
   "peerDependencies": {

diff --git a/plugins/orchestrator-backend/dist-dynamic/yarn.lock b/plugins/orchestrator-backend/dist-dynamic/yarn.lock
diff --git a/plugins/orchestrator-common/package.json b/plugins/orchestrator-common/package.json
@@ -59,7 +59,7 @@
     "@severlessworkflow/sdk-typescript": "^3.0.3",
     "js-yaml": "^4.1.0",
     "json-schema": "^0.4.0",
-    "axios": "^1.6.8"
+    "axios": "^1.7.4"
   },
   "devDependencies": {
     "@backstage/cli": "0.26.11",

diff --git a/plugins/orchestrator-form-react/package.json b/plugins/orchestrator-form-react/package.json
@@ -18,7 +18,7 @@
     "start": "backstage-cli package start",
     "build": "backstage-cli package build",
     "lint": "backstage-cli package lint",
-    "test": "backstage-cli package test",
+    "test": "backstage-cli package test --passWithNoTests --coverage",
     "clean": "backstage-cli package clean",
     "prepack": "backstage-cli package prepack",
     "postpack": "backstage-cli package postpack",

diff --git a/plugins/orchestrator/package.json b/plugins/orchestrator/package.json
@@ -68,7 +68,7 @@
     "@kie-tools/serverless-workflow-language-service": "^0.32.0",
     "@kie-tools/serverless-workflow-service-catalog": "^0.32.0",
     "@monaco-editor/react": "^4.6.0",
-    "axios": "1.6.8",
+    "axios": "1.7.4",
     "moment": "^2.29.4",
     "monaco-editor": "^0.49.0",
     "react-json-view": "^1.21.3",

diff --git a/plugins/orchestrator/src/api/OrchestratorClient.test.ts b/plugins/orchestrator/src/api/OrchestratorClient.test.ts
@@ -60,6 +60,7 @@ describe('OrchestratorClient', () => {
     orchestratorClientOptions = {
       discoveryApi: mockDiscoveryApi,
       identityApi: mockIdentityApi,
+      axiosInstance: axios,
     };
     orchestratorClient = new OrchestratorClient(orchestratorClientOptions);
   });
@@ -387,6 +388,7 @@ describe('OrchestratorClient', () => {
       axios.request = jest
         .fn()
         .mockRejectedValueOnce(new Error('Simulated error'));
+
       // When
       const promise = orchestratorClient.listWorkflowOverviews();
 

diff --git a/plugins/orchestrator/src/api/OrchestratorClient.ts b/plugins/orchestrator/src/api/OrchestratorClient.ts
@@ -3,6 +3,7 @@ import { ResponseError } from '@backstage/errors';
 import { JsonObject } from '@backstage/types';
 
 import axios, {
+  AxiosInstance,
   AxiosRequestConfig,
   AxiosResponse,
   RawAxiosRequestHeaders,
@@ -31,32 +32,39 @@ import { OrchestratorApi } from './api';
 export interface OrchestratorClientOptions {
   discoveryApi: DiscoveryApi;
   identityApi: IdentityApi;
+  axiosInstance?: AxiosInstance;
 }
 export class OrchestratorClient implements OrchestratorApi {
   private readonly discoveryApi: DiscoveryApi;
   private readonly identityApi: IdentityApi;
+  private axiosInstance?: AxiosInstance;
+
   private baseUrl: string | null = null;
   constructor(options: OrchestratorClientOptions) {
     this.discoveryApi = options.discoveryApi;
     this.identityApi = options.identityApi;
+    this.axiosInstance = options.axiosInstance;
   }
 
   async getDefaultAPI(): Promise<DefaultApi> {
     const baseUrl = await this.getBaseUrl();
     const { token: idToken } = await this.identityApi.getCredentials();
 
-    const axiosInstance = axios.create({
-      baseURL: baseUrl,
-      headers: {
-        ...(idToken && { Authorization: `Bearer ${idToken}` }),
-      },
-      withCredentials: true,
-    });
+    // Fixme: Following makes mocking of global axios complicated in the tests, ideally there should be just one axios instance:
+    this.axiosInstance =
+      this.axiosInstance ||
+      axios.create({
+        baseURL: baseUrl,
+        headers: {
+          ...(idToken && { Authorization: `Bearer ${idToken}` }),
+        },
+        withCredentials: true,
+      });
     const config = new Configuration({
       basePath: baseUrl,
     });
 
-    return new DefaultApi(config, baseUrl, axiosInstance);
+    return new DefaultApi(config, baseUrl, this.axiosInstance);
   }
   private async getBaseUrl(): Promise<string> {
     if (!this.baseUrl) {

diff --git a/plugins/servicenow-actions/dist-dynamic/package.json b/plugins/servicenow-actions/dist-dynamic/package.json
@@ -28,7 +28,7 @@
   "scripts": {},
   "dependencies": {
     "abort-controller": "^3.0.0",
-    "axios": "^1.6.8",
+    "axios": "^1.7.4",
     "form-data": "^4.0.0",
     "yaml": "^2.3.3",
     "zod": "^3.22.4"

diff --git a/plugins/servicenow-actions/dist-dynamic/yarn.lock b/plugins/servicenow-actions/dist-dynamic/yarn.lock
diff --git a/plugins/servicenow-actions/package.json b/plugins/servicenow-actions/package.json
@@ -48,7 +48,7 @@
     "@backstage/backend-plugin-api": "^0.7.0",
     "@backstage/plugin-scaffolder-node": "^0.4.8",
     "abort-controller": "^3.0.0",
-    "axios": "^1.6.8",
+    "axios": "^1.7.4",
     "form-data": "^4.0.0",
     "yaml": "^2.3.3",
     "zod": "^3.22.4"

diff --git a/yarn.lock b/yarn.lock