distributed-system-analysis / pbench

A benchmarking and performance analysis framework
http://distributed-system-analysis.github.io/pbench/
GNU General Public License v3.0

Update Dashboard dependency on Axios #3625

Closed webbnh closed 1 month ago

webbnh commented 1 month ago

After ten months, I finally got tired of the Dependabot warnings, so here's a PR to update the Dashboard's dependency on axios to at least the version which addresses CVE-2023-45857. (See also the GitHub advisory.)

I assume (boldly) that when we actually build the Dashboard, we pull a safe version of axios (since the package.json file is specifying only the minimum -- not the "locked" -- version), so I don't think this issue actually affects us (and, even if it did, we run the Dashboard in limited quantities in what I think is a safe environment...), so I didn't bother to actually test this change. (For me, the definition of "working" will be the absence of Dependabot warnings....)

webbnh commented 1 month ago

Thanks, Dave; now, if we can just get Mr. Smee to talk to Mr. Jenkins, so that Mr. Jenkins can tell GitHub that all is well....

webbnh commented 1 month ago

> if we can just get Mr. Smee to talk to Mr. Jenkins

This appears to be fixed, but there is another problem; so, this PR will need to wait for #3626, which looks hopeful.