Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: alphagov/notifications-node-client
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 7.0.5
Choose a base ref
...
head repository: alphagov/notifications-node-client
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 7.0.6
Choose a head ref
  • 2 commits
  • 3 files changed
  • 1 contributor

Commits on Nov 13, 2023

  1. Bump Axios to version 1.6.1 

    This pulls in the latest version of Axios which has some security
vulnerabilities fixed.

I asked on GDS Slack whether we should be specifying the oldest
compatible version of the dependency or the latest version.

This is the response I got:
> I would specify the latest version that has the vulnerability patched.
>
> If you think that might result in a breaking change for your
> consumers, I'd then make a new major version of your package,
> describing the potential for breaking changes.
>
> Version numbers are cheap, so you should feel free to make as many of
> them as possible.
    @quis
    quis committed Nov 13, 2023

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    GPG key ID: B5690EEEBB952194
    Verified
    Learn about vigilant mode
    Copy the full SHA
    cd718c8 View commit details

  2. Merge pull request #189 from alphagov/axios-1.6.1-again 

    Bump Axios to version 1.6.1
    @quis
    quis authored Nov 13, 2023
    Copy the full SHA
    8313771 View commit details
Showing with 13 additions and 9 deletions.
  1. +4 −0 CHANGELOG.md
  2. +7 −7 package-lock.json
  3. +2 −2 package.json
4 changes: 4 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
## 7.0.6 - 2023-11-13

* Bump axios from 1.2.6 to 1.6.1

## 7.0.5 - 2023-11-13

* Fix a few cases of assignment to undeclared (global) variables
14 changes: 7 additions & 7 deletions package-lock.json
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 2 additions & 2 deletions package.json
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "notifications-node-client",
"version": "7.0.5",
"version": "7.0.6",
"homepage": "https://docs.notifications.service.gov.uk/node.html",
"repository": {
"type": "git",
@@ -21,7 +21,7 @@
"license": "MIT",
"dependencies": {
"jsonwebtoken": "^9.0.0",
"axios": "^1.2.0"
"axios": "^1.6.1"
},
"devDependencies": {
"chai": "4.1.2",