From bf28953f30465af3218075bc8469d727c94ee793 Mon Sep 17 00:00:00 2001 From: bwappsec <104206313+bwappsec@users.noreply.github.com> Date: Tue, 7 Nov 2023 10:49:06 -0500 Subject: [PATCH] SWI-3723 [Snyk] Security upgrade axios from 0.27.2 to 1.6.0 (#83) * fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AXIOS-6032459 * fix typings for axios 1.6.0 * update package json to fix import issue --------- Co-authored-by: snyk-bot Co-authored-by: ckoegel --- package-lock.json | 34 +++++++++++++++++++++++----------- package.json | 7 ++++++- src/http/httpClient.ts | 10 +++++----- 3 files changed, 34 insertions(+), 17 deletions(-) diff --git a/package-lock.json b/package-lock.json index c5a25c2..913be6a 100644 --- a/package-lock.json +++ b/package-lock.json @@ -12,7 +12,7 @@ "@apimatic/core": "^0.7.6", "@apimatic/schema": "^0.6.0", "@types/node": "^14.18.21", - "axios": "^0.27.2", + "axios": "^1.6.0", "detect-node": "^2.0.4", "form-data": "^3.0.0", "lodash.flatmap": "^4.5.0", @@ -3157,12 +3157,13 @@ } }, "node_modules/axios": { - "version": "0.27.2", - "resolved": "https://registry.npmjs.org/axios/-/axios-0.27.2.tgz", - "integrity": "sha512-t+yRIyySRTp/wua5xEr+z1q60QmLq8ABsS5O9Me1AsE5dfKqgnCFzwiCZZ/cGNd1lq4/7akDWMxdhVlucjmnOQ==", + "version": "1.6.0", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.6.0.tgz", + "integrity": "sha512-EZ1DYihju9pwVB+jg67ogm+Tmqc6JmhamRN6I4Zt8DfZu5lbcQGw3ozH9lFejSJgs/ibaef3A9PMXPLeefFGJg==", "dependencies": { - "follow-redirects": "^1.14.9", - "form-data": "^4.0.0" + "follow-redirects": "^1.15.0", + "form-data": "^4.0.0", + "proxy-from-env": "^1.1.0" } }, "node_modules/axios/node_modules/form-data": { 
@@ -9172,6 +9173,11 @@ "react-is": "^16.8.1" } }, + "node_modules/proxy-from-env": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz", + "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==" + }, "node_modules/psl": { "version": "1.8.0", "resolved": "https://registry.npmjs.org/psl/-/psl-1.8.0.tgz", @@ -14319,12 +14325,13 @@ "dev": true }, "axios": { - "version": "0.27.2", - "resolved": "https://registry.npmjs.org/axios/-/axios-0.27.2.tgz", - "integrity": "sha512-t+yRIyySRTp/wua5xEr+z1q60QmLq8ABsS5O9Me1AsE5dfKqgnCFzwiCZZ/cGNd1lq4/7akDWMxdhVlucjmnOQ==", + "version": "1.6.0", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.6.0.tgz", + "integrity": "sha512-EZ1DYihju9pwVB+jg67ogm+Tmqc6JmhamRN6I4Zt8DfZu5lbcQGw3ozH9lFejSJgs/ibaef3A9PMXPLeefFGJg==", "requires": { - "follow-redirects": "^1.14.9", - "form-data": "^4.0.0" + "follow-redirects": "^1.15.0", + "form-data": "^4.0.0", + "proxy-from-env": "^1.1.0" }, "dependencies": { "form-data": { @@ -19023,6 +19030,11 @@ "react-is": "^16.8.1" } }, + "proxy-from-env": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz", + "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==" + }, "psl": { "version": "1.8.0", "resolved": "https://registry.npmjs.org/psl/-/psl-1.8.0.tgz", diff --git a/package.json b/package.json index 7f0d49d..ea6481e 100644 --- a/package.json +++ b/package.json @@ -41,13 +41,18 @@ "@apimatic/core": "^0.7.6", "@apimatic/schema": "^0.6.0", "@types/node": "^14.18.21", - "axios": "^0.27.2", + "axios": "^1.6.0", "detect-node": "^2.0.4", "form-data": "^3.0.0", "lodash.flatmap": "^4.5.0", "tiny-warning": "^1.0.3", "xmlbuilder": "^15.1.1" }, + "jest": { + "moduleNameMapper": { + "axios": "axios/dist/node/axios.cjs" + } + }, "bugs": { "email": "dx@bandwidth.com" } 
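Review bot: The `moduleNameMapper` key added under `jest` in package.json is a regular expression, so the unanchored `"axios"` rewrites every module path containing that substring (an `axios/...` subpath import, or a helper package with axios in its name) to the CJS bundle, not only the bare `axios` specifier. Anchoring it as `"^axios$": "axios/dist/node/axios.cjs"` limits the mapping to the one import it is meant for. The mapper applies to Jest only, so the suite exercises the Node CJS build; consumers whose bundler resolves a different axios entry point are not covered by these tests, and the PR should say which builds were checked for the SNYK-JS-AXIOS-6032459 upgrade. The move from 0.27.x to 1.x is also a major-version change of a runtime dependency and deserves a changelog entry for SDK users.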
diff --git a/src/http/httpClient.ts b/src/http/httpClient.ts index 6a6871e..62404f5 100644 --- a/src/http/httpClient.ts +++ b/src/http/httpClient.ts @@ -4,7 +4,7 @@ * This file was automatically generated by APIMATIC v2.0 ( https://apimatic.io ). */ -import axios, { AxiosInstance, AxiosRequestConfig, AxiosResponse } from 'axios'; +import axios, { AxiosHeaders, AxiosInstance, AxiosRequestConfig, AxiosResponse } from 'axios'; import isNode from 'detect-node'; import FormData from 'form-data'; import { isBlob } from '../apiHelper'; @@ -91,14 +91,14 @@ export class HttpClient { } newRequest.data = form; - mergeHeaders(newRequest.headers || {} , form.getHeaders()); + mergeHeaders(newRequest.headers as AxiosHeaders || {} , form.getHeaders()); } else if ( requestBody?.type === 'form-data' || requestBody?.type === 'form' ) { // Create form-urlencoded request setHeader( - newRequest.headers || {}, + newRequest.headers as AxiosHeaders || {}, CONTENT_TYPE_HEADER, FORM_URLENCODED_CONTENT_TYPE ); @@ -112,7 +112,7 @@ export class HttpClient { // Otherwise, use the content type if available. contentType = requestBody.content.options.contentType; } - setHeaderIfNotSet(newRequest.headers || {}, CONTENT_TYPE_HEADER, contentType); + setHeaderIfNotSet(newRequest.headers as AxiosHeaders || {}, CONTENT_TYPE_HEADER, contentType); newRequest.data = requestBody.content.file; } else if (requestBody && typeof(requestBody['type']) !== 'undefined') { @@ -139,7 +139,7 @@ export class HttpClient { public convertHttpResponse(resp: AxiosResponse): HttpResponse { return { body: resp.data, - headers: resp.headers, + headers: resp.headers as AxiosHeaders, statusCode: resp.status, }; }
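Review bot: `newRequest.headers as AxiosHeaders || {}` in the `mergeHeaders` and `setHeader` calls of the second hunk, and again in the `setHeaderIfNotSet` call of the third, is an assertion rather than a conversion: `as` binds tighter than `||`, and nothing visible makes the value an `AxiosHeaders` instance, so the cast only silences the axios 1.x typing error. The `|| {}` fallback is kept as well, which means that if `headers` is ever unset the Content-Type is written to a temporary object and never reaches the request; whether that can happen depends on how `newRequest` is built above the hunk, which is not shown. Initialising once before the branches, `newRequest.headers = newRequest.headers ?? {};`, and passing a value typed to what the helpers actually accept (their signatures are outside this diff) would remove both the cast and the throwaway object. The enclosing method starts and ends outside these hunks.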
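Review bot: `headers: resp.headers as AxiosHeaders` in `convertHttpResponse` (last hunk) passes the axios 1.x header object to callers unchanged, and the assertion hides that its values are not guaranteed to be strings, since repeated headers can arrive as arrays. If `HttpResponse.headers` is declared as a string-to-string map (its definition is outside this diff), downstream code that compares or parses response headers can receive a non-string value without the compiler noticing. Copying into a plain record at this boundary keeps the SDK's contract independent of the HTTP library, as sketched below. How repeated headers should be represented is a contract decision, and the comma-join in the sketch is only one option.

```typescript
  public convertHttpResponse(resp: AxiosResponse): HttpResponse {
    // Copy into a plain string map so callers never see the axios header
    // class or a non-string value.
    const headers: Record<string, string> = {};
    for (const name of Object.keys(resp.headers)) {
      const value = resp.headers[name];
      if (value !== undefined && value !== null) {
        headers[name] = Array.isArray(value) ? value.join(', ') : String(value);
      }
    }
    return {
      // … unchanged: body …
      headers,
      // … unchanged: statusCode …
    };
```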