lotas / contentful-graph

Visual representation of contentful content models in form of graphs
https://www.contentful.com/blog/2017/08/08/how-to-quickly-visualize-your-content-model/
MIT License
59 stars, 6 forks

Fix axios vulnerability #31

Closed julianbei closed 3 years ago

julianbei commented 3 years ago

Fixing the axios security vulnerability by upgrading the contentful libs.

 npm audit

                       === npm audit security report ===                        

# Run  npm install contentful@8.1.7  to resolve 1 vulnerability
SEMVER WARNING: Recommended action is a potentially breaking change
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Server-Side Request Forgery                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ axios                                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ contentful                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ contentful > axios                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1594                            │
└───────────────┴──────────────────────────────────────────────────────────────┘

# Run  npm update axios --depth 2  to resolve 1 vulnerability
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Server-Side Request Forgery                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ axios                                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ contentful-management                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ contentful-management > axios                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1594                            │
└───────────────┴──────────────────────────────────────────────────────────────┘

found 2 high severity vulnerabilities in 257 scanned packages
  run `npm audit fix` to fix 1 of them.
  1 vulnerability requires semver-major dependency updates.
julianbei commented 3 years ago

Hi @lotas

First of all, thanks for your work and effort delivering this awesome lib to the open-source community.

Will you merge this at some point? We have a blocked CI because of the failing npm audit. Cheers and thanks for all your work, it's great, keep it up! Julian

lotas commented 3 years ago

@julianbei Sure, I forgot to merge it the same day. Will make a new release now as well. Thank you!