[LIVE-14228][RELEASE] Support - Update axios and ws dependencies for CVE #7883

Merged
merged 4 commits into from
Sep 24, 2024

@lambertkevin lambertkevin commented Sep 24, 2024

✅ Checklist

  • npx changeset was attached.
  • Covered by automatic tests.
  • Impact of the changes:
    • no impact

📝 Description

Update Axios to 1.7.7 following CVE: GHSA-8hc4-vh64-cxmj
Force ws dependency of ethers to 7.5.10 following CVE: GHSA-3h5v-q93c-6h6q
Update ethers dev dependency of hw-app-eth to 5.7.2

❓ Context


🧐 Checklist for the PR Reviewers

  • The code aligns with the requirements described in the linked JIRA or GitHub issue.
  • The PR description clearly documents the changes made and explains any technical trade-offs or design decisions.
  • There are no undocumented trade-offs, technical debt, or maintainability issues.
  • The PR has been tested thoroughly, and any potential edge cases have been considered and handled.
  • Any new dependencies have been justified and documented.
  • Performance considerations have been taken into account. (changes have been profiled or benchmarked if necessary)

@lambertkevin lambertkevin requested a review from a team as a code owner September 24, 2024 11:02
@lambertkevin lambertkevin requested a review from a team September 24, 2024 11:02
@lambertkevin lambertkevin requested a review from a team as a code owner September 24, 2024 11:02

vercel bot commented Sep 24, 2024

The latest updates on your projects. Learn more about Vercel for Git ↗︎

5 Skipped Deployments

| Name | Status | Preview | Comments | Updated (UTC) |
| --- | --- | --- | --- | --- |
| ledger-live-docs | ⬜️ Ignored (Inspect) | | | Sep 24, 2024 11:02am |
| ledger-live-github-bot | ⬜️ Ignored (Inspect) | | | Sep 24, 2024 11:02am |
| native-ui-storybook | ⬜️ Ignored (Inspect) | | | Sep 24, 2024 11:02am |
| react-ui-storybook | ⬜️ Ignored (Inspect) | | | Sep 24, 2024 11:02am |
| web-tools | ⬜️ Ignored (Inspect) | | | Sep 24, 2024 11:02am |

@live-github-bot live-github-bot bot added desktop Has changes in LLD common Has changes in live-common ledgerjs Has changes in the ledgerjs open source libs labels Sep 24, 2024

@valpinkman valpinkman left a comment


Thanks for the update. I trust you on the mocks update as I do not have the knowledge but otherwise LGTM

@valpinkman valpinkman merged commit 91391a2 into release Sep 24, 2024
54 of 57 checks passed
@valpinkman valpinkman deleted the support/update-axios-and-ws-for-cve branch September 24, 2024 14:00