fix: package.json & yarn.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AXIOS-6032459
zwave-js · Nov 27, 2023 · 9b1b26f · 9b1b26f
1 parent d7621c1
commit 9b1b26f
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 3 deletions.
diff --git a/package.json b/package.json
@@ -120,7 +120,8 @@
     "@zwave-js/winston-daily-rotate-file": "^4.5.6-1",
     "ansi_up": "^6.0.2",
     "archiver": "^6.0.1",
-    "axios": "^1.5.1",
+    "axios": "^1.6.0",
+    "axios-progress-bar": "^1.2.0",
     "connect-history-api-fallback": "2.0.0",
     "cookie-parser": "^1.4.6",
     "cors": "^2.8.5",

diff --git a/yarn.lock b/yarn.lock
@@ -3798,6 +3798,15 @@ __metadata:
   languageName: node
   linkType: hard
 
+"axios-progress-bar@npm:^1.2.0":
+  version: 1.2.0
+  resolution: "axios-progress-bar@npm:1.2.0"
+  peerDependencies:
+    axios: 0.x
+  checksum: b0ef52ed5649ef4efe0e50f8bddc920b9d38dfafe59417db5062a7ee2c92d18811776e89c9b132b292b9742d94e7c48d654bfd68cb86410bf93e58ec6e239a47
+  languageName: node
+  linkType: hard
+
 "axios@npm:^0.27.2":
   version: 0.27.2
   resolution: "axios@npm:0.27.2"
@@ -3808,7 +3817,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"axios@npm:^1.5.1":
+"axios@npm:^1.6.0":
   version: 1.6.2
   resolution: "axios@npm:1.6.2"
   dependencies:
@@ -14306,7 +14315,8 @@ __metadata:
     "@zwave-js/winston-daily-rotate-file": "npm:^4.5.6-1"
     ansi_up: "npm:^6.0.2"
     archiver: "npm:^6.0.1"
-    axios: "npm:^1.5.1"
+    axios: "npm:^1.6.0"
+    axios-progress-bar: "npm:^1.2.0"
     c8: "npm:^8.0.1"
     chai: "npm:^4.3.10"
     chai-as-promised: "npm:^7.1.1"