From 8295275dc6240c4e4fd15e847205e4b9582072bc Mon Sep 17 00:00:00 2001 From: mathis <37186532+maaaathis@users.noreply.github.com> Date: Fri, 16 Aug 2024 21:06:20 +0200 Subject: [PATCH] chore(core): update axios to ^1.7.4 (#27420) Closes CVE-2024-39338 ## Related Issue(s) Fixes #27419 --- package.json | 6 +- packages/create-nx-workspace/package.json | 2 +- packages/nx/package.json | 2 +- pnpm-lock.yaml | 78 ++++++++----------- .../create-embeddings/src/main.mts | 2 +- 5 files changed, 40 insertions(+), 50 deletions(-) diff --git a/package.json b/package.json index 9ec26f94c24f4..d7dbee588961e 100644 --- a/package.json +++ b/package.json @@ -132,7 +132,7 @@ "@types/semver": "^7.5.2", "@types/tar-stream": "^2.2.2", "@types/tmp": "^0.2.0", - "@types/yargs": "^17.0.10", + "@types/yargs": "17.0.10", "@types/yarnpkg__lockfile": "^1.1.5", "@typescript-eslint/eslint-plugin": "7.16.0", "@typescript-eslint/parser": "7.16.0", @@ -301,7 +301,7 @@ "webpack-sources": "^3.2.3", "webpack-subresource-integrity": "^5.1.0", "xstate": "4.34.0", - "yargs": "^17.6.2", + "yargs": "17.6.2", "yargs-parser": "21.1.1" }, "author": "Victor Savkin", @@ -331,7 +331,7 @@ "@widgetbot/react-embed": "^1.9.0", "@yarnpkg/lockfile": "^1.1.0", "@yarnpkg/parsers": "3.0.0-rc.46", - "axios": "^1.7.2", + "axios": "^1.7.4", "classnames": "^2.5.1", "cliui": "^8.0.1", "core-js": "3.36.1", diff --git a/packages/create-nx-workspace/package.json b/packages/create-nx-workspace/package.json index c02767525c61b..1efe0591fb412 100644 --- a/packages/create-nx-workspace/package.json +++ b/packages/create-nx-workspace/package.json @@ -37,7 +37,7 @@ "tmp": "~0.2.1", "tslib": "^2.3.0", "yargs": "^17.6.2", - "axios": "^1.7.2" + "axios": "^1.7.4" }, "publishConfig": { "access": "public" diff --git a/packages/nx/package.json b/packages/nx/package.json index bc24b154afe03..92d1f174e56f6 100644 --- a/packages/nx/package.json +++ b/packages/nx/package.json @@ -41,7 +41,7 @@ "@yarnpkg/lockfile": "^1.1.0", "@yarnpkg/parsers": "3.0.0-rc.46", "@zkochan/js-yaml": "0.0.7", - "axios": "^1.7.2", + "axios": "^1.7.4", "chalk": "^4.1.0", "cli-cursor": "3.1.0", "cli-spinners": "2.6.1", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 9f56d70926dc3..b79d6783b6ad4 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -64,8 +64,8 @@ dependencies: specifier: 3.0.0-rc.46 version: 3.0.0-rc.46 axios: - specifier: ^1.7.2 - version: 1.7.2 + specifier: ^1.7.4 + version: 1.7.4 classnames: specifier: ^2.5.1 version: 2.5.1 @@ -486,8 +486,8 @@ devDependencies: specifier: ^0.2.0 version: 0.2.3 '@types/yargs': - specifier: ^17.0.10 - version: 17.0.13 + specifier: 17.0.10 + version: 17.0.10 '@types/yarnpkg__lockfile': specifier: ^1.1.5 version: 1.1.5 @@ -990,7 +990,7 @@ devDependencies: specifier: 4.34.0 version: 4.34.0 yargs: - specifier: ^17.6.2 + specifier: 17.6.2 version: 17.6.2 yargs-parser: specifier: 21.1.1 @@ -1632,7 +1632,7 @@ packages: semver: 7.6.2 tslib: 2.6.3 typescript: 5.5.3 - yargs: 17.7.2 + yargs: 17.6.2 transitivePeerDependencies: - supports-color dev: true @@ -10355,7 +10355,7 @@ packages: '@types/istanbul-lib-coverage': 2.0.6 '@types/istanbul-reports': 3.0.4 '@types/node': 18.19.8 - '@types/yargs': 17.0.13 + '@types/yargs': 17.0.10 chalk: 4.1.2 dev: true @@ -10673,7 +10673,7 @@ packages: '@module-federation/third-party-dts-extractor': 0.2.3 adm-zip: 0.5.14 ansi-colors: 4.1.3 - axios: 1.7.2 + axios: 1.7.4 chalk: 3.0.0 fs-extra: 9.1.0 isomorphic-ws: 5.0.0(ws@8.17.1) @@ -12169,7 +12169,6 @@ packages: - '@swc/core' - '@swc/wasm' - '@types/node' - - babel-plugin-macros - debug - node-notifier - nx @@ -12738,7 +12737,7 @@ packages: nx: '>= 17 <= 20' dependencies: '@nrwl/devkit': 19.3.1(nx@19.3.1) - ejs: 3.1.10 + ejs: 3.1.8 enquirer: 2.3.6 ignore: 5.3.1 minimatch: 9.0.3 @@ -12755,7 +12754,7 @@ packages: nx: '>= 17 <= 20' dependencies: '@nrwl/devkit': 19.6.0-beta.6(nx@19.6.0-beta.6) - ejs: 3.1.10 + ejs: 3.1.8 enquirer: 2.3.6 ignore: 5.3.1 minimatch: 9.0.3 @@ -12863,7 +12862,7 @@ packages: /@nx/jest@19.6.0-beta.6(@swc-node/register@1.9.1)(@swc/core@1.5.7)(@types/node@18.19.8)(nx@19.6.0-beta.6)(ts-node@10.9.1)(typescript@5.5.3)(verdaccio@5.31.0): resolution: {integrity: sha512-WwYs0CGsTFngkc9pcpMaQKwJIusUyDftkG7lXfZ8E2hqV62HSs96OY5ZSBKTOk6oldOYKRq24pT210xarrjCNg==} dependencies: - '@jest/reporters': 29.7.0 + '@jest/reporters': 29.5.0 '@jest/test-result': 29.7.0 '@nrwl/jest': 19.6.0-beta.6(@swc-node/register@1.9.1)(@swc/core@1.5.7)(@types/node@18.19.8)(nx@19.6.0-beta.6)(ts-node@10.9.1)(typescript@5.5.3)(verdaccio@5.31.0) '@nx/devkit': 19.6.0-beta.6(nx@19.6.0-beta.6) @@ -12871,7 +12870,7 @@ packages: '@phenomnomnominal/tsquery': 5.0.1(typescript@5.5.3) chalk: 4.1.2 identity-obj-proxy: 3.0.0 - jest-config: 29.7.0(@types/node@18.19.8)(ts-node@10.9.1) + jest-config: 29.5.0(@types/node@18.19.8)(ts-node@10.9.1) jest-resolve: 29.7.0 jest-util: 29.7.0 minimatch: 9.0.3 @@ -12885,7 +12884,6 @@ packages: - '@swc/core' - '@swc/wasm' - '@types/node' - - babel-plugin-macros - debug - node-notifier - nx @@ -16616,20 +16614,20 @@ packages: /@types/babel__generator@7.6.4: resolution: {integrity: sha512-tFkciB9j2K755yrTALxD44McOrk+gfpIpvC3sxHjRawj6PfnQxrse4Clq5y/Rq+G3mrBurMax/lG8Qn2t9mSsg==} dependencies: - '@babel/types': 7.23.6 + '@babel/types': 7.24.7 dev: true /@types/babel__template@7.4.1: resolution: {integrity: sha512-azBFKemX6kMg5Io+/rdGT0dkGreboUVR0Cdm3fz9QJWpaQGJRQXl7C+6hOTCZcMll7KFyEQpgbYI2lHdsS4U7g==} dependencies: - '@babel/parser': 7.23.6 - '@babel/types': 7.23.6 + '@babel/parser': 7.24.7 + '@babel/types': 7.24.7 dev: true /@types/babel__traverse@7.18.2: resolution: {integrity: sha512-FcFaxOr2V5KZCviw1TnutEMVUVsGt4D2hP1TAfXZAMKuHYW3xQhe3jTxNPWutgCJ3/X1c5yX8ZoGVEItxKbwBg==} dependencies: - '@babel/types': 7.23.6 + '@babel/types': 7.24.7 dev: true /@types/body-parser@1.19.2: @@ -17216,8 +17214,8 @@ packages: resolution: {integrity: sha512-iO9ZQHkZxHn4mSakYV0vFHAVDyEOIJQrV2uZ06HxEPcx+mt8swXoZHIbaaJ2crJYFfErySgktuTZ3BeLz+XmFA==} dev: true - /@types/yargs@17.0.13: - resolution: {integrity: sha512-9sWaruZk2JGxIQU+IhI1fhPYRcQ0UuTNuKuCW9bR5fp7qi2Llf7WDzNa17Cy7TKnh3cdxDOiyTu6gaLS0eDatg==} + /@types/yargs@17.0.10: + resolution: {integrity: sha512-gmEaFwpj/7f/ROdtIlci1R1VYU1J4j95m8T+Tj3iBgiBFKg1foE/PSl93bBd5T9LDXNPo8UlNN6W0qwD8O5OaA==} dependencies: '@types/yargs-parser': 21.0.0 dev: true @@ -19163,8 +19161,8 @@ packages: engines: {node: '>=4'} dev: true - /axios@1.7.2: - resolution: {integrity: sha512-2A8QhOMrbomlDuiLeK9XibIBzuHeRcqqNOHp0Cyp5EoJ1IFDh+XZH3A6BkXtv0K4gFGCI0Y4BM7B1wOEi0Rmgw==} + /axios@1.7.4: + resolution: {integrity: sha512-DukmaFRnY6AzAALSH4J2M3k6PkaC+MfaAGdEERRWcC9q3/TWQwLpHR8ZRLKTdQ3aBDL64EdluRDjJqKw+BPZEw==} dependencies: follow-redirects: 1.15.6(debug@4.3.4) form-data: 4.0.0 @@ -19306,7 +19304,7 @@ packages: resolution: {integrity: sha512-Y1IQok9821cC9onCx5otgFfRm7Lm+I+wwxOx738M/WLPZ9Q42m4IG5W0FNX8WLL2gYMZo3JkuXIH2DOpWM+qwA==} engines: {node: '>=8'} dependencies: - '@babel/helper-plugin-utils': 7.24.7 + '@babel/helper-plugin-utils': 7.24.0 '@istanbuljs/load-nyc-config': 1.1.0 '@istanbuljs/schema': 0.1.3 istanbul-lib-instrument: 5.2.1 @@ -21322,9 +21320,9 @@ packages: dependencies: icss-utils: 5.1.0(postcss@8.4.38) postcss: 8.4.38 - postcss-modules-extract-imports: 3.0.0(postcss@8.4.38) - postcss-modules-local-by-default: 4.0.4(postcss@8.4.38) - postcss-modules-scope: 3.1.1(postcss@8.4.38) + postcss-modules-extract-imports: 3.1.0(postcss@8.4.38) + postcss-modules-local-by-default: 4.0.5(postcss@8.4.38) + postcss-modules-scope: 3.2.0(postcss@8.4.38) postcss-modules-values: 4.0.0(postcss@8.4.38) postcss-value-parser: 4.2.0 semver: 7.6.2 @@ -22327,14 +22325,6 @@ packages: /ee-first@1.1.1: resolution: {integrity: sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==} - /ejs@3.1.10: - resolution: {integrity: sha512-UeJmFfOrAQS8OJWPZ4qtgHyWExa088/MtK5UEyoJGFH67cDEXkZSviOiKRCZ4Xij0zxI3JECgYs3oKx+AizQBA==} - engines: {node: '>=0.10.0'} - hasBin: true - dependencies: - jake: 10.8.5 - dev: true - /ejs@3.1.8: resolution: {integrity: sha512-/sXZeMlhS0ArkfX2Aw780gJzXSMPnKjtspYZv+f3NiKLlubezAHDU5+9xz6gd3/NhG3txQCo6xlglmTS+oTGEQ==} engines: {node: '>=0.10.0'} @@ -26653,7 +26643,7 @@ packages: jest-config: 29.7.0(@types/node@18.19.8)(ts-node@10.9.1) jest-util: 29.7.0 jest-validate: 29.7.0 - yargs: 17.7.2 + yargs: 17.6.2 transitivePeerDependencies: - '@types/node' - babel-plugin-macros @@ -28784,7 +28774,7 @@ packages: strip-ansi: 6.0.1 throat: 5.0.0 ws: 7.5.9 - yargs: 17.7.2 + yargs: 17.6.2 transitivePeerDependencies: - bufferutil - encoding @@ -30276,7 +30266,7 @@ packages: '@yarnpkg/lockfile': 1.1.0 '@yarnpkg/parsers': 3.0.0-rc.46 '@zkochan/js-yaml': 0.0.7 - axios: 1.7.2 + axios: 1.7.4 chalk: 4.1.2 cli-cursor: 3.1.0 cli-spinners: 2.6.1 @@ -30304,7 +30294,7 @@ packages: tmp: 0.2.3 tsconfig-paths: 4.2.0 tslib: 2.6.3 - yargs: 17.7.2 + yargs: 17.6.2 yargs-parser: 21.1.1 optionalDependencies: '@nx/nx-darwin-arm64': 19.3.1 @@ -30341,7 +30331,7 @@ packages: '@yarnpkg/lockfile': 1.1.0 '@yarnpkg/parsers': 3.0.0-rc.46 '@zkochan/js-yaml': 0.0.7 - axios: 1.7.2 + axios: 1.7.4 chalk: 4.1.2 cli-cursor: 3.1.0 cli-spinners: 2.6.1 @@ -30369,7 +30359,7 @@ packages: tmp: 0.2.3 tsconfig-paths: 4.2.0 tslib: 2.6.3 - yargs: 17.7.2 + yargs: 17.6.2 yargs-parser: 21.1.1 optionalDependencies: '@nx/nx-darwin-arm64': 19.6.0-beta.6 @@ -31027,7 +31017,7 @@ packages: /parse5@7.1.2: resolution: {integrity: sha512-Czj1WaSVpaoj0wbhMzLmWD69anp2WH7FXMB9n1Sy8/ZFF9jolSQVMu1Ij5WIyGmcBmhk7EOndpO4mIpihVqAXw==} dependencies: - entities: 4.4.0 + entities: 4.5.0 dev: true /parseurl@1.3.3: @@ -33759,7 +33749,7 @@ packages: picomatch: 2.3.1 rollup: 4.14.3 source-map: 0.7.4 - yargs: 17.7.2 + yargs: 17.6.2 dev: true /rollup-plugin-visualizer@5.12.0(rollup@4.18.0): @@ -33776,7 +33766,7 @@ packages: picomatch: 2.3.1 rollup: 4.18.0 source-map: 0.7.4 - yargs: 17.7.2 + yargs: 17.6.2 dev: true /rollup-pluginutils@2.8.2: @@ -36082,7 +36072,7 @@ packages: json5: 2.2.3 lodash.memoize: 4.1.2 make-error: 1.3.6 - semver: 7.6.2 + semver: 7.5.3 typescript: 5.5.3 yargs-parser: 21.1.1 dev: true diff --git a/tools/documentation/create-embeddings/src/main.mts b/tools/documentation/create-embeddings/src/main.mts index 0bd69f50dfcec..1bdd36c8bdb5b 100644 --- a/tools/documentation/create-embeddings/src/main.mts +++ b/tools/documentation/create-embeddings/src/main.mts @@ -154,7 +154,7 @@ class MarkdownEmbeddingSource extends BaseEmbeddingSource { type EmbeddingSource = MarkdownEmbeddingSource; async function generateEmbeddings() { - const argv = await yargs().option('refresh', { + const argv = await yargs(process.argv).option('refresh', { alias: 'r', description: 'Refresh data', type: 'boolean',