signalwire / signalwire-js

MIT License

lib updates for security advisory #1138

Closed jpsantosbh closed 3 weeks ago

jpsantosbh commented 3 weeks ago

Description

Lib updates for security advisory

Type of change

Code snippets

In case of new feature or breaking changes, please include code snippets.

changeset-bot[bot] commented 3 weeks ago

🦋 Changeset detected

Latest commit: d268622f6cee732dd5c6e19627f9d15a10ff1670

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 2 packages

| Name                | Type  |
| ------------------- | ----- |
| @signalwire/web-api | Patch |
| @signalwire/swaig   | Patch |


jpsantosbh commented 3 weeks ago

I need to check why it's failing

jpsantosbh commented 3 weeks ago

There is just one test failing on staging...

***
      recording_id: 'cf9ba3a7-87ad-404f-b98e-3db1845c2da3',
      recording: null,
      code: '403',
      message: 'Permission denied'
    ******
      recording_id: 'cf9ba3a7-87ad-404f-b98e-3db1845c2da3',
      recording: null,
      code: '403',
      message: 'Permission denied'
    ***

I saw this before. It is not an actual permission error (the server reports a wrong code); it's an IO issue in the server, so the dependencies look okay.

iAmmar7 commented 3 weeks ago

Also, please include the changeset for updated packages. @jpsantosbh

jpsantosbh commented 3 weeks ago

> Also, please include the changeset for updated packages. @jpsantosbh

No changes were made to the SDK code base. Changeset doesn't allow the creation of a changeset without any bump.

iAmmar7 commented 3 weeks ago

> No changes were made to the SDK code base. Changeset doesn't allow the creation of a changeset without any bump.

Fixing security vulnerabilities is a part of the SDK changes. This PR updates core, swaig, and web-api packages, we need to include the changeset for these.

jpsantosbh commented 3 weeks ago

> > No changes were made to the SDK code base. Changeset doesn't allow the creation of a changeset without any bump.
>
> Fixing security vulnerabilities is a part of the SDK changes. This PR updates core, swaig, and web-api packages, we need to include the changeset for these.

I agree, but in this specific case no security vulnerabilities were in the SDK, only in dev tools and tests. Even a patch bump is not appropriate since nothing was patched in the dist lib.

iAmmar7 commented 3 weeks ago

> I agree, but in this specific case no security vulnerabilities were in the SDK, only in dev tools and tests. Even a patch bump is not appropriate since nothing was patched in the dist lib.

I am not sure if I am getting you. We have updated multiple Fastify dependencies in the SWAIG package. Plus, the node-fetch updates in the web-api package. These are build-related dependencies to our packages, not the dev dependencies.

jpsantosbh commented 3 weeks ago

You were right... Changeset added
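
The question settled in this thread is whether an updated dependency sits in a section that consumers of the published package install, or only in `devDependencies`. As an added example (not code from this PR or from the signalwire-js project), the script below diffs before/after `package.json` manifests and flags which packages need a changeset. The package names come from the thread; the dependency lists, version ranges and `example-test-tool` are constructed, and only direct dependencies are compared.

```javascript
// Sections whose contents are installed by consumers of the published package.
const RUNTIME_SECTIONS = ['dependencies', 'peerDependencies', 'optionalDependencies'];
const DEV_SECTIONS = ['devDependencies'];

// Names whose version range differs (added, removed or changed) in one section.
function changedIn(section, before, after) {
  const a = before[section] || {};
  const b = after[section] || {};
  return [...new Set([...Object.keys(a), ...Object.keys(b)])]
    .filter((dep) => a[dep] !== b[dep])
    .sort();
}

// For each package, split changed dependencies into runtime and dev-only,
// and flag a changeset when anything consumers install has changed.
function changesetPlan(packages) {
  return packages.map(({ before, after }) => {
    const runtime = RUNTIME_SECTIONS.flatMap((s) => changedIn(s, before, after));
    const devOnly = DEV_SECTIONS.flatMap((s) => changedIn(s, before, after));
    return { name: after.name, runtime, devOnly, needsChangeset: runtime.length > 0 };
  });
}

// Constructed sample: package names come from the thread; every dependency
// list and version range below is made up for illustration.
const samplePackages = [
  {
    before: { name: '@signalwire/swaig', dependencies: { fastify: '^4.0.0' }, devDependencies: {} },
    after: { name: '@signalwire/swaig', dependencies: { fastify: '^4.0.1' }, devDependencies: {} },
  },
  {
    before: { name: '@signalwire/web-api', dependencies: { 'node-fetch': '^2.0.0' } },
    after: { name: '@signalwire/web-api', dependencies: { 'node-fetch': '^2.0.1' } },
  },
  {
    before: { name: '@signalwire/core', devDependencies: { 'example-test-tool': '^1.0.0' } },
    after: { name: '@signalwire/core', devDependencies: { 'example-test-tool': '^1.0.1' } },
  },
];

const plan = changesetPlan(samplePackages);
console.log(plan);
```

A dependency bumped only through the lockfile does not show up in a manifest diff, so transitive updates need a separate lockfile comparison.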