Closed stbarillas closed 6 months ago
:warning: We detected 5 security issues in this pull request:
👉 Go to the dashboard for detailed results.
📥 Happy? Share your feedback with us.
@bamohan , I don't have a lob api key to run tests locally. Could you help me verify that tests are still passing?
Also, the security issues found by guardrails are for dev dependencies. Could these be overlooked for this PR?
@bamohan @ronakshahlob Heya, I did an update to Steve's patch here. Due to how Axios changed packaging with cjs, Jest 27 is not able to understand that. We could add a hack/exception, but the easier solution is to just update that to Jest 29. So I did that and verified that npm test works locally now.
Thanks!
Any update here? It would be nice to remove vulnerabilities
so you were able to test locally, no breaking changes from axios? if yes, good to merge.
I think we should also bump up this package's version from
"version": "1.3.3",
to1.3.4
All tests passed; we used the update in our code as well with no issues, however that's not to say we exercise all the functionality but seemed ok.
Feel free to bump the version as appropriate after merging so you can release :)
Hello @stbarillas @amaan-lob @BennyKitchell Can you merge this PR, please? The axios version of this package raises a security issue on our repo
also requesting this, axios is showing up in our vulnerability scans from @lob/lob-typescript-sdk
I will publish 1.3.4
in https://github.com/lob/lob-typescript-sdk/pull/277 and publish the new version shortly.
ended up publishing version 1.3.5
Description
Small PR Bumping Axios version to address vulnerability
Verify