From af3bb7346e0f279248c80e5b16ce7f8f9e7366db Mon Sep 17 00:00:00 2001 From: Hazelnoot Date: Tue, 15 Oct 2024 22:00:39 -0400 Subject: [PATCH] update axios and ws to patch security issue (unexploitable in our case) --- packages/megalodon/package.json | 4 ++-- pnpm-lock.yaml | 22 +++++++++++----------- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/packages/megalodon/package.json b/packages/megalodon/package.json index 87274816ca..bd9e4fc284 100644 --- a/packages/megalodon/package.json +++ b/packages/megalodon/package.json @@ -62,7 +62,7 @@ "@types/parse-link-header": "^2.0.3", "@types/uuid": "^9.0.7", "@types/ws": "^8.5.10", - "axios": "1.6.0", + "axios": "1.7.4", "dayjs": "^1.11.10", "form-data": "^4.0.0", "https-proxy-agent": "^7.0.2", @@ -72,7 +72,7 @@ "socks-proxy-agent": "^8.0.2", "typescript": "5.1.6", "uuid": "^9.0.1", - "ws": "8.14.2" + "ws": "8.17.1" }, "devDependencies": { "@typescript-eslint/eslint-plugin": "^6.12.0", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index a0fab154b6..4cbfa9ce1c 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -1291,8 +1291,8 @@ importers: specifier: ^8.5.10 version: 8.5.11 axios: - specifier: 1.6.0 - version: 1.6.0 + specifier: 1.7.4 + version: 1.7.4 dayjs: specifier: ^1.11.10 version: 1.11.10 @@ -1321,8 +1321,8 @@ importers: specifier: ^9.0.1 version: 9.0.1 ws: - specifier: 8.14.2 - version: 8.14.2(bufferutil@4.0.8)(utf-8-validate@6.0.4) + specifier: 8.17.1 + version: 8.17.1(bufferutil@4.0.8)(utf-8-validate@6.0.4) devDependencies: '@typescript-eslint/eslint-plugin': specifier: ^6.12.0 @@ -5584,8 +5584,8 @@ packages: axios@0.24.0: resolution: {integrity: sha512-Q6cWsys88HoPgAaFAVUb0WpPk0O8iTeisR9IMqy9G8AbO4NlpVknrnQS03zzF9PGAWgO3cgletO3VjV/P7VztA==} - axios@1.6.0: - resolution: {integrity: sha512-EZ1DYihju9pwVB+jg67ogm+Tmqc6JmhamRN6I4Zt8DfZu5lbcQGw3ozH9lFejSJgs/ibaef3A9PMXPLeefFGJg==} + axios@1.7.4: + resolution: {integrity: sha512-DukmaFRnY6AzAALSH4J2M3k6PkaC+MfaAGdEERRWcC9q3/TWQwLpHR8ZRLKTdQ3aBDL64EdluRDjJqKw+BPZEw==} axios@1.7.7: resolution: {integrity: sha512-S4kL7XrjgBmvdGut0sN3yJxqYzrDOnivkBiN0OFs6hLiUam3UPvswUo0kqGyhqUZGEOytHyumEdXsAkgCOUf3Q==} @@ -11554,8 +11554,8 @@ packages: resolution: {integrity: sha512-7KxauUdBmSdWnmpaGFg+ppNjKF8uNLry8LyzjauQDOVONfFLNKrKvQOxZ/VuTIcS/gge/YNahf5RIIQWTSarlg==} engines: {node: ^12.13.0 || ^14.15.0 || >=16.0.0} - ws@8.14.2: - resolution: {integrity: sha512-wEBG1ftX4jcglPxgFCMJmZ2PLtSbJ2Peg6TmpJFTbe9GZYOQCDPdMYu/Tm0/bGZkw8paZnJY45J4K2PZrLYq8g==} + ws@8.17.1: + resolution: {integrity: sha512-6XQFvXTkbfUOZOKKILFG1PDK2NDQs4azKQl26T0YS5CxqWLgXajbPZ+h4gZekJyRqFU8pvnbAbbs/3TgRPy+GQ==} engines: {node: '>=10.0.0'} peerDependencies: bufferutil: ^4.0.1 @@ -16686,9 +16686,9 @@ snapshots: transitivePeerDependencies: - debug - axios@1.6.0: + axios@1.7.4: dependencies: - follow-redirects: 1.15.2 + follow-redirects: 1.15.9(debug@4.3.7) form-data: 4.0.0 proxy-from-env: 1.1.0 transitivePeerDependencies: @@ -24004,7 +24004,7 @@ snapshots: imurmurhash: 0.1.4 signal-exit: 3.0.7 - ws@8.14.2(bufferutil@4.0.8)(utf-8-validate@6.0.4): + ws@8.17.1(bufferutil@4.0.8)(utf-8-validate@6.0.4): optionalDependencies: bufferutil: 4.0.8 utf-8-validate: 6.0.4