From b14203ddd2657ab20a2c6f7b9e6e3f6c88530566 Mon Sep 17 00:00:00 2001 From: Sparkle <1284531+baurine@users.noreply.github.com> Date: Mon, 27 Nov 2023 17:27:58 +0800 Subject: [PATCH] fix: update axios to fix security issue (#1617) --- ui/packages/clinic-client/package.json | 6 +- .../tidb-dashboard-client/package.json | 6 +- .../package.json | 2 +- .../src/apps/SlowQuery/context.ts | 2 +- .../tidb-dashboard-for-clinic-op/package.json | 2 +- .../src/apps/SlowQuery/context.ts | 4 +- .../tidb-dashboard-for-dbaas/package.json | 2 +- .../tidb-dashboard-for-op/package.json | 2 +- ui/packages/tidb-dashboard-lib/package.json | 2 +- ui/pnpm-lock.yaml | 56 +++++++++---------- 10 files changed, 39 insertions(+), 45 deletions(-) diff --git a/ui/packages/clinic-client/package.json b/ui/packages/clinic-client/package.json index 89d0f0e0f1..8e50421fce 100644 --- a/ui/packages/clinic-client/package.json +++ b/ui/packages/clinic-client/package.json @@ -11,14 +11,14 @@ }, "author": "", "license": "ISC", - "dependencies": { - "axios": "^0.27.2" - }, "devDependencies": { "@openapitools/openapi-generator-cli": "^2.5.1", "esm": "^3.2.25", "gulp": "^4.0.2", "gulp-shell": "^0.8.0", "typescript": "^4.7.3" + }, + "dependencies": { + "axios": "^1.6.2" } } diff --git a/ui/packages/tidb-dashboard-client/package.json b/ui/packages/tidb-dashboard-client/package.json index fe7b5067bf..0dc4f5b2e0 100644 --- a/ui/packages/tidb-dashboard-client/package.json +++ b/ui/packages/tidb-dashboard-client/package.json @@ -11,14 +11,14 @@ }, "author": "", "license": "ISC", - "dependencies": { - "axios": "^0.27.2" - }, "devDependencies": { "@openapitools/openapi-generator-cli": "^2.5.1", "esm": "^3.2.25", "gulp": "^4.0.2", "gulp-shell": "^0.8.0", "typescript": "^4.7.3" + }, + "dependencies": { + "axios": "^1.6.2" } } diff --git a/ui/packages/tidb-dashboard-for-clinic-cloud/package.json b/ui/packages/tidb-dashboard-for-clinic-cloud/package.json index 2fdc5ab444..717f6bbe05 100644 --- a/ui/packages/tidb-dashboard-for-clinic-cloud/package.json +++ b/ui/packages/tidb-dashboard-for-clinic-cloud/package.json @@ -31,7 +31,7 @@ "@pingcap/tidb-dashboard-lib": "workspace:^1.0.0", "ahooks": "^3.1.9", "antd": "^4.18.7", - "axios": "^0.27.2", + "axios": "^1.6.2", "bulma": "^0.9.4", "classnames": "^2.3.1", "compare-versions": "^5.0.1", diff --git a/ui/packages/tidb-dashboard-for-clinic-cloud/src/apps/SlowQuery/context.ts b/ui/packages/tidb-dashboard-for-clinic-cloud/src/apps/SlowQuery/context.ts index 2431491814..0542dc03ec 100644 --- a/ui/packages/tidb-dashboard-for-clinic-cloud/src/apps/SlowQuery/context.ts +++ b/ui/packages/tidb-dashboard-for-clinic-cloud/src/apps/SlowQuery/context.ts @@ -64,7 +64,7 @@ class DataSource implements ISlowQueryDataSource { statusText: 'ok', headers: {}, config: {} - }) + } as any) } else { return client.getInstance().slowQueryDetailGet( { diff --git a/ui/packages/tidb-dashboard-for-clinic-op/package.json b/ui/packages/tidb-dashboard-for-clinic-op/package.json index 9803268f92..0ae443e2d1 100644 --- a/ui/packages/tidb-dashboard-for-clinic-op/package.json +++ b/ui/packages/tidb-dashboard-for-clinic-op/package.json @@ -26,7 +26,7 @@ "@pingcap/clinic-client": "workspace:^1.0.0", "@pingcap/tidb-dashboard-lib": "workspace:^1.0.0", "antd": "^4.18.7", - "axios": "^0.27.2", + "axios": "^1.6.2", "i18next": "^23.2.9", "react": "^17.0.2", "react-dom": "^17.0.2", diff --git a/ui/packages/tidb-dashboard-for-clinic-op/src/apps/SlowQuery/context.ts b/ui/packages/tidb-dashboard-for-clinic-op/src/apps/SlowQuery/context.ts index f682bad018..dd1dc6c307 100644 --- a/ui/packages/tidb-dashboard-for-clinic-op/src/apps/SlowQuery/context.ts +++ b/ui/packages/tidb-dashboard-for-clinic-op/src/apps/SlowQuery/context.ts @@ -27,7 +27,7 @@ class DataSource implements ISlowQueryDataSource { statusText: 'ok', headers: {}, config: {} - }) + } as any) } slowQueryAvailableFieldsGet(options?: ReqConfig) { @@ -38,7 +38,7 @@ class DataSource implements ISlowQueryDataSource { statusText: 'ok', headers: {}, config: {} - }) + } as any) } slowQueryListGet( diff --git a/ui/packages/tidb-dashboard-for-dbaas/package.json b/ui/packages/tidb-dashboard-for-dbaas/package.json index 8206cb2600..a95769b4eb 100644 --- a/ui/packages/tidb-dashboard-for-dbaas/package.json +++ b/ui/packages/tidb-dashboard-for-dbaas/package.json @@ -27,7 +27,7 @@ "@pingcap/tidb-dashboard-client": "workspace:^1.0.0", "@pingcap/tidb-dashboard-lib": "workspace:^1.0.0", "antd": "^4.18.7", - "axios": "^0.27.2", + "axios": "^1.6.2", "compare-versions": "^5.0.1", "i18next": "^23.2.9", "react": "^17.0.2", diff --git a/ui/packages/tidb-dashboard-for-op/package.json b/ui/packages/tidb-dashboard-for-op/package.json index ea0fb85f5a..c8398acf2a 100644 --- a/ui/packages/tidb-dashboard-for-op/package.json +++ b/ui/packages/tidb-dashboard-for-op/package.json @@ -23,7 +23,7 @@ "@pingcap/tidb-dashboard-lib": "workspace:^1.0.0", "ahooks": "^3.1.9", "antd": "^4.18.7", - "axios": "^0.27.2", + "axios": "^1.6.2", "bulma": "^0.9.4", "classnames": "^2.3.1", "compare-versions": "^5.0.1", diff --git a/ui/packages/tidb-dashboard-lib/package.json b/ui/packages/tidb-dashboard-lib/package.json index ff8bf64d3d..211b5d9097 100644 --- a/ui/packages/tidb-dashboard-lib/package.json +++ b/ui/packages/tidb-dashboard-lib/package.json @@ -25,7 +25,7 @@ "ace-builds": "^1.6.0", "ahooks": "^3.1.9", "antd": "^4.18.7", - "axios": "^0.27.2", + "axios": "^1.6.2", "classnames": "^2.3.1", "d3": "^5.16.0", "d3-flextree": "2.1.2", diff --git a/ui/pnpm-lock.yaml b/ui/pnpm-lock.yaml index 701a248928..4690b5c9c4 100644 --- a/ui/pnpm-lock.yaml +++ b/ui/pnpm-lock.yaml @@ -33,8 +33,8 @@ importers: packages/clinic-client: dependencies: axios: - specifier: ^0.27.2 - version: 0.27.2 + specifier: ^1.6.2 + version: 1.6.2 devDependencies: '@openapitools/openapi-generator-cli': specifier: ^2.5.1 @@ -55,8 +55,8 @@ importers: packages/tidb-dashboard-client: dependencies: axios: - specifier: ^0.27.2 - version: 0.27.2 + specifier: ^1.6.2 + version: 1.6.2 devDependencies: '@openapitools/openapi-generator-cli': specifier: ^2.5.1 @@ -101,8 +101,8 @@ importers: specifier: ^4.18.7 version: 4.21.7(react-dom@17.0.2)(react@17.0.2) axios: - specifier: ^0.27.2 - version: 0.27.2 + specifier: ^1.6.2 + version: 1.6.2 bulma: specifier: ^0.9.4 version: 0.9.4 @@ -258,8 +258,8 @@ importers: specifier: ^4.18.7 version: 4.21.7(react-dom@17.0.2)(react@17.0.2) axios: - specifier: ^0.27.2 - version: 0.27.2 + specifier: ^1.6.2 + version: 1.6.2 i18next: specifier: ^23.2.9 version: 23.2.9 @@ -340,8 +340,8 @@ importers: specifier: ^4.18.7 version: 4.21.7(react-dom@17.0.2)(react@17.0.2) axios: - specifier: ^0.27.2 - version: 0.27.2 + specifier: ^1.6.2 + version: 1.6.2 compare-versions: specifier: ^5.0.1 version: 5.0.1 @@ -440,8 +440,8 @@ importers: specifier: ^4.18.7 version: 4.21.7(react-dom@17.0.2)(react@17.0.2) axios: - specifier: ^0.27.2 - version: 0.27.2 + specifier: ^1.6.2 + version: 1.6.2 bulma: specifier: ^0.9.4 version: 0.9.4 @@ -630,8 +630,8 @@ importers: specifier: ^4.18.7 version: 4.21.7(react-dom@17.0.2)(react@17.0.2) axios: - specifier: ^0.27.2 - version: 0.27.2 + specifier: ^1.6.2 + version: 1.6.2 classnames: specifier: ^2.3.1 version: 2.3.1 @@ -2433,6 +2433,7 @@ packages: /@babel/plugin-proposal-object-rest-spread@7.20.7(@babel/core@7.22.10): resolution: {integrity: sha512-d2S98yCiLxDVmBmE8UjGcfPvNEUbA1U5q5WxaWFUGRzJSVAZqm5W6MbPct0jxnegUZ0niLeNX+IOzEs7wYg9Dg==} engines: {node: '>=6.9.0'} + deprecated: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-object-rest-spread instead. peerDependencies: '@babel/core': ^7.0.0-0 dependencies: @@ -2491,6 +2492,7 @@ packages: /@babel/plugin-proposal-optional-chaining@7.21.0(@babel/core@7.22.10): resolution: {integrity: sha512-p4zeefM72gpmEe2fkUr/OnOXpWEf8nAgk7ZYVqqfFiyIG7oFfVZcCrU64hWn5xp4tQ9LkV4bTIa5rD0KANpKNA==} engines: {node: '>=6.9.0'} + deprecated: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-optional-chaining instead. peerDependencies: '@babel/core': ^7.0.0-0 dependencies: @@ -6587,7 +6589,7 @@ packages: resolution: {integrity: sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==} engines: {node: '>= 0.6'} dependencies: - mime-types: registry.npmmirror.com/mime-types@2.1.35 + mime-types: 2.1.35 negotiator: 0.6.3 /ace-builds@1.7.1: @@ -7143,11 +7145,12 @@ packages: - debug dev: true - /axios@0.27.2: - resolution: {integrity: sha512-t+yRIyySRTp/wua5xEr+z1q60QmLq8ABsS5O9Me1AsE5dfKqgnCFzwiCZZ/cGNd1lq4/7akDWMxdhVlucjmnOQ==} + /axios@1.6.2: + resolution: {integrity: sha512-7i24Ri4pmDRfJTR7LDBhsOTtcm+9kjX5WiY1X3wIisx6G9So3pfMkEiU7emUBe46oceVImccTEM3k6C5dbVW8A==} dependencies: follow-redirects: 1.15.1 form-data: 4.0.0 + proxy-from-env: 1.1.0 transitivePeerDependencies: - debug dev: false @@ -9087,6 +9090,7 @@ packages: /domexception@2.0.1: resolution: {integrity: sha512-yxJ2mFy/sibVQlu5qHjOkf9J3K6zgmCxgJ94u2EdvDOV09H+32LtRswEcUsmUWN72pVLOEnTSRaIVVzVQgS0dg==} engines: {node: '>=8'} + deprecated: Use your platform's native DOMException instead dependencies: webidl-conversions: 5.0.0 dev: true @@ -15268,6 +15272,10 @@ packages: resolution: {integrity: sha512-F2JHgJQ1iqwnHDcQjVBsq3n/uoaFL+iPW/eAeL7kVxy/2RrWaN4WroKjjvbsoRtv0ftelNyC01bjRhn/bhcf4A==} dev: true + /proxy-from-env@1.1.0: + resolution: {integrity: sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==} + dev: false + /proxy-middleware@0.15.0: resolution: {integrity: sha512-EGCG8SeoIRVMhsqHQUdDigB2i7qU7fCsWASwn54+nPutYO8n4q6EiwMzyfWlC+dzRFExP+kvcnDFdBDHoZBU7Q==} engines: {node: '>=0.8.0'} @@ -20963,20 +20971,6 @@ packages: version: 2.0.14 dev: false - registry.npmmirror.com/mime-db@1.52.0: - resolution: {integrity: sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==, registry: https://registry.npmjs.org/, tarball: https://registry.npmmirror.com/mime-db/-/mime-db-1.52.0.tgz} - name: mime-db - version: 1.52.0 - engines: {node: '>= 0.6'} - - registry.npmmirror.com/mime-types@2.1.35: - resolution: {integrity: sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==, registry: https://registry.npmjs.org/, tarball: https://registry.npmmirror.com/mime-types/-/mime-types-2.1.35.tgz} - name: mime-types - version: 2.1.35 - engines: {node: '>= 0.6'} - dependencies: - mime-db: registry.npmmirror.com/mime-db@1.52.0 - registry.npmmirror.com/minimatch@3.1.2: resolution: {integrity: sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==, registry: https://registry.npmjs.org/, tarball: https://registry.npmmirror.com/minimatch/-/minimatch-3.1.2.tgz} name: minimatch