fix: security upgrade axios from 0.27.2 to 1.6.0 [HEAD-1036] (#387)
* fix: package.json & package-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AXIOS-6032459

* chore: fix misspelling

* chore: update imports order due to lint

* fix: set `Authorization` instead of overriding headers

This change ensures compatibility with Axios 1.x's AxiosRequestHeaders type
and resolves TypeScript type mismatch issues.

---------

Co-authored-by: snyk-bot <[email protected]>
Co-authored-by: Catalina Oyaneder <[email protected]>
3 people authored Dec 4, 2023
1 parent fd3ffff commit 7d05d3e
Showing 5 changed files with 40 additions and 32 deletions.
46 changes: 29 additions & 17 deletions package-lock.json


8 changes: 4 additions & 4 deletions package.json
Expand Up @@ -63,21 +63,21 @@
"scope": "application"
},
"snyk.yesTelemetry": {
"//": "Name starts with y to put it at the end, as configs are sorted alphbetically",
"//": "Name starts with y to put it at the end, as configs are sorted alphabetically",
"type": "boolean",
"default": true,
"markdownDescription": "Send usage statistics to Snyk",
"scope": "application"
},
"snyk.yesWelcomeNotification": {
"//": "Name starts with y to put it at the end, as configs are sorted alphbetically",
"//": "Name starts with y to put it at the end, as configs are sorted alphabetically",
"type": "boolean",
"default": true,
"markdownDescription": "Show welcome notification after installation and restart",
"scope": "application"
},
"snyk.yesBackgroundOssNotification": {
"//": "Name starts with y to put it at the end, as configs are sorted alphbetically",
"//": "Name starts with y to put it at the end, as configs are sorted alphabetically",
"type": "boolean",
"default": true,
"markdownDescription": "Show scan notification for critical Open Source Security vulnerabilities when Snyk view is hidden",
Expand Down Expand Up @@ -440,7 +440,7 @@
"@sentry/tracing": "^6.19.7",
"@snyk/code-client": "^4.12.4",
"analytics-node": "^4.0.1",
"axios": "^0.27.2",
"axios": "^1.6.0",
"glob": "^7.2.0",
"he": "^1.2.0",
"htmlparser2": "^7.2.0",
6 changes: 1 addition & 5 deletions src/snyk/advisor/services/advisorApiClient.ts
Expand Up @@ -47,11 +47,7 @@ export class AdvisorApiClient implements IAdvisorApiClient {
const token = await this.configuration.getToken();
this.http.interceptors.request.use(req => {
req.baseURL = this.configuration.baseApiUrl;
req.headers = {
...req.headers,
Authorization: `token ${token}`,
} as { [header: string]: string };

req.headers['Authorization'] = `token ${token}`;
return req;
});
return this.http.post<T, R>(url, data, config);
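Review bot: The interceptor registered with `this.http.interceptors.request.use(...)` is added every time this method runs and is never ejected, so each call leaves one more interceptor on the shared `this.http` instance; the enclosing method starts before the hunk, so this assumes it is the per-request `post` wrapper that the trailing `return this.http.post(...)` suggests. Each surviving closure captures the `token` read at its own registration time, so after a token rotation the older interceptors keep writing the stale value into `Authorization` (axios appears to run request interceptors in reverse registration order, which would make the oldest token win — worth confirming against the 1.x source), and a revoked credential can keep being sent to the API. The simplest fix is to drop the interceptor and put the header on the per-request config: `return this.http.post<T, R>(url, data, { ...config, baseURL: this.configuration.baseApiUrl, headers: { ...config?.headers, Authorization: 'token ' + token } });`. If a global interceptor is really wanted, register it once in the constructor and read the token inside it, or keep the id returned by `use()` and `eject()` it in a `finally` after the request.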
10 changes: 5 additions & 5 deletions src/snyk/common/languageServer/staticLsApi.ts
@@ -1,12 +1,12 @@
import axios, { CancelTokenSource } from 'axios';
import { IConfiguration } from '../configuration/configuration';
import { PROTOCOL_VERSION } from '../constants/languageServer';
import { LsExecutable } from './lsExecutable';
import { LsSupportedPlatform } from './supportedPlatforms';
import { getAxiosConfig } from '../proxy';
import { IVSCodeWorkspace } from '../vscode/workspace';
import { DownloadAxiosResponse } from '../download/downloader';
import { IConfiguration } from '../configuration/configuration';
import { ILog } from '../logger/interfaces';
import { getAxiosConfig } from '../proxy';
import { IVSCodeWorkspace } from '../vscode/workspace';
import { LsExecutable } from './lsExecutable';
import { LsSupportedPlatform } from './supportedPlatforms';

export type LsMetadata = {
tag: string;
2 changes: 1 addition & 1 deletion src/snyk/common/proxy.ts
Expand Up @@ -3,9 +3,9 @@ import fs from 'fs/promises';
import { Agent, AgentOptions, globalAgent } from 'https';
import { HttpsProxyAgent, HttpsProxyAgentOptions } from 'https-proxy-agent';
import * as url from 'url';
import { IVSCodeWorkspace } from './vscode/workspace';
import { IConfiguration } from './configuration/configuration';
import { ILog } from './logger/interfaces';
import { IVSCodeWorkspace } from './vscode/workspace';

export async function getHttpsProxyAgent(
workspace: IVSCodeWorkspace,
