From 4c12e63d651482c3dbca68495328998c0bbebe64 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sat, 28 Oct 2023 02:48:03 +0000 Subject: [PATCH] fix: assets/package.json & assets/yarn.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AXIOS-6032459 --- assets/package.json | 2 +- assets/yarn.lock | 24 +++++++++++++++--------- 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/assets/package.json b/assets/package.json index c5b1c92c..7b046dc4 100644 --- a/assets/package.json +++ b/assets/package.json @@ -25,7 +25,7 @@ "@tiptap/starter-kit": "^2.0.0-beta.191", "@tiptap/suggestion": "^2.0.0-beta.202", "@types/lodash.flatten": "^4.4.7", - "axios": "^0.27.2", + "axios": "^1.6.0", "base64-arraybuffer": "^1.0.2", "copy-to-clipboard": "^3.3.2", "date-fns": "^2.29.3", diff --git a/assets/yarn.lock b/assets/yarn.lock index 466d0798..499f22b5 100644 --- a/assets/yarn.lock +++ b/assets/yarn.lock @@ -750,13 +750,14 @@ autoprefixer@^10.4.7: picocolors "^1.0.0" postcss-value-parser "^4.2.0" -axios@^0.27.2: - version "0.27.2" - resolved "https://registry.yarnpkg.com/axios/-/axios-0.27.2.tgz#207658cc8621606e586c85db4b41a750e756d972" - integrity sha512-t+yRIyySRTp/wua5xEr+z1q60QmLq8ABsS5O9Me1AsE5dfKqgnCFzwiCZZ/cGNd1lq4/7akDWMxdhVlucjmnOQ== +axios@^1.6.0: + version "1.6.0" + resolved "https://registry.yarnpkg.com/axios/-/axios-1.6.0.tgz#f1e5292f26b2fd5c2e66876adc5b06cdbd7d2102" + integrity sha512-EZ1DYihju9pwVB+jg67ogm+Tmqc6JmhamRN6I4Zt8DfZu5lbcQGw3ozH9lFejSJgs/ibaef3A9PMXPLeefFGJg== dependencies: - follow-redirects "^1.14.9" + follow-redirects "^1.15.0" form-data "^4.0.0" + proxy-from-env "^1.1.0" babel-plugin-transform-hook-names@^1.0.2: version "1.0.2" @@ -1114,10 +1115,10 @@ fill-range@^7.0.1: dependencies: to-regex-range "^5.0.1" -follow-redirects@^1.14.9: - version "1.15.1" - resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.1.tgz#0ca6a452306c9b276e4d3127483e29575e207ad5" - integrity sha512-yLAMQs+k0b2m7cVxpS1VKJVvoz7SS9Td1zss3XRwXj+ZDH00RJgnuLx7E44wx02kQLrdM3aOOy+FpzS7+8OizA== +follow-redirects@^1.15.0: + version "1.15.3" + resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.3.tgz#fe2f3ef2690afce7e82ed0b44db08165b207123a" + integrity sha512-1VzOtuEM8pC9SFU1E+8KfTjZyMztRsgEfwQl44z8A25uy13jSzTj6dyK2Df52iV0vgHCfBwLhDWevLn95w5v6Q== form-data@^4.0.0: version "4.0.0" @@ -1599,6 +1600,11 @@ prosemirror-view@^1.28.2: prosemirror-state "^1.0.0" prosemirror-transform "^1.1.0" +proxy-from-env@^1.1.0: + version "1.1.0" + resolved "https://registry.yarnpkg.com/proxy-from-env/-/proxy-from-env-1.1.0.tgz#e102f16ca355424865755d2c9e8ea4f24d58c3e2" + integrity sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg== + queue-microtask@^1.2.2, queue-microtask@^1.2.3: version "1.2.3" resolved "https://registry.yarnpkg.com/queue-microtask/-/queue-microtask-1.2.3.tgz#4929228bbc724dfac43e0efb058caf7b6cfb6243"