fix: security upgrade axios from 0.21.4 to 1.6.0 (#262)

* fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AXIOS-6032459 * chore: npm i * fix: temporary workaround for CJS Axios --------- Co-authored-by: snyk-bot <snyk-bot@snyk.io> Co-authored-by: Kyle Huang Junyuan <kyle@hjunyuan.com>
Open-Attestation · Nov 3, 2023 · ebe8714 · ebe8714
1 parent 0ff4e85
commit ebe8714
Show file tree

Hide file tree

Showing 3 changed files with 61 additions and 36 deletions.
diff --git a/jest.config.js b/jest.config.js
@@ -3,4 +3,7 @@ module.exports = {
   testEnvironment: "node",
   watchPlugins: ["jest-watch-typeahead/filename", "jest-watch-typeahead/testname"],
   testTimeout: 30000,
+  moduleNameMapper: {
+    axios: "axios/dist/node/axios.cjs", // Temporary workaround: Force Jest to import the CommonJS Axios build
+  },
 };
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -29,7 +29,7 @@
     "@govtechsg/document-store": "^2.2.3",
     "@govtechsg/open-attestation": "^6.2.0",
     "@govtechsg/token-registry": "^4.1.7",
-    "axios": "^0.21.4",
+    "axios": "^1.6.0",
     "debug": "^4.3.1",
     "did-resolver": "^3.1.0",
     "ethers": "^5.1.4",