microsoft/botbuilder-js

Update axios in botbuilder-core from 0.28 to 1.6.4

mehradrafigh opened this issue · 3 comments

Is your feature request related to a problem? Please describe.
The version of axios that is used in botbuilder-core is 0.28 and contains security vulnerabilities:
https://security.snyk.io/package/npm/axios/0.28.0

Describe the solution you'd like
Update to version 1.6.4 to fix those security vulnerabilities.

@tracyboehrer, I can contribute from my end. Looking through the Contributing section.md, I need somebody to approve the issue so I can start the implementation. Do you see any problem with that? Axios 0.28 is pretty outdated, has security issues, and should not be used anymore because there is Axios 1.6.4.

@mehradrafigh Of course we'd welcome the contribution. When you submit the PR, it will require you to accept, and I'll approve the request.

Hi @tracyboehrer, I forked the repository, installed yarn and tried to run yarn install.

I get the following error:

➜ yarn install
yarn install v1.22.22
[1/4] 🔍  Resolving packages...
warning Lockfile has incorrect entry for "@types/jsonwebtoken@8.3.5". Ignoring it.
warning Resolution field "axios@0.28.0" is incompatible with requested version "axios@^1.6.8"
warning Resolution field "async@3.2.3" is incompatible with requested version "async@^2.6.1"
warning Resolution field "axios@0.28.0" is incompatible with requested version "axios@~0.21.1"
warning Resolution field "async@3.2.3" is incompatible with requested version "async@^1.4.0"
warning Resolution field "tar@6.1.9" is incompatible with requested version "tar@6.0.2"
warning Resolution field "tar@6.1.9" is incompatible with requested version "tar@^6.1.11"
warning Resolution field "ws@7.4.6" is incompatible with requested version "ws@^8.2.3"
warning Resolution field "ws@7.4.6" is incompatible with requested version "ws@>=8.7.0"
warning Resolution field "@types/ramda@0.26.0" is incompatible with requested version "@types/ramda@~0.29.6"
warning Resolution field "@types/ramda@0.26.0" is incompatible with requested version "@types/ramda@~0.29.6"
warning Resolution field "@types/ramda@0.26.0" is incompatible with requested version "@types/ramda@~0.29.6"
warning Resolution field "@types/ramda@0.26.0" is incompatible with requested version "@types/ramda@~0.29.6"
warning Resolution field "axios@0.28.0" is incompatible with requested version "axios@^1.4.0"
warning Resolution field "mixme@0.5.2" is incompatible with requested version "mixme@^0.3.1"
warning Resolution field "json-schema@0.4.0" is incompatible with requested version "json-schema@0.2.3"
warning Resolution field "@types/ramda@0.26.0" is incompatible with requested version "@types/ramda@~0.29.6"
warning Resolution field "@types/ramda@0.26.0" is incompatible with requested version "@types/ramda@~0.29.6"
warning Resolution field "@types/ramda@0.26.0" is incompatible with requested version "@types/ramda@~0.29.6"
warning Resolution field "@types/ramda@0.26.0" is incompatible with requested version "@types/ramda@~0.29.6"
warning Resolution field "@types/ramda@0.26.0" is incompatible with requested version "@types/ramda@~0.29.6"
warning Resolution field "@types/ramda@0.26.0" is incompatible with requested version "@types/ramda@~0.29.6"
warning Resolution field "@types/ramda@0.26.0" is incompatible with requested version "@types/ramda@~0.29.6"
warning Resolution field "@types/ramda@0.26.0" is incompatible with requested version "@types/ramda@~0.29.6"
warning Resolution field "@types/ramda@0.26.0" is incompatible with requested version "@types/ramda@~0.29.6"
warning Resolution field "@types/ramda@0.26.0" is incompatible with requested version "@types/ramda@~0.29.6"
warning Resolution field "@types/ramda@0.26.0" is incompatible with requested version "@types/ramda@~0.29.6"
warning Resolution field "@types/ramda@0.26.0" is incompatible with requested version "@types/ramda@~0.29.6"
warning Resolution field "@types/ramda@0.26.0" is incompatible with requested version "@types/ramda@~0.29.6"
warning Resolution field "@types/ramda@0.26.0" is incompatible with requested version "@types/ramda@~0.29.6"
warning Resolution field "@types/ramda@0.26.0" is incompatible with requested version "@types/ramda@~0.29.6"
warning Resolution field "@types/ramda@0.26.0" is incompatible with requested version "@types/ramda@~0.29.6"
warning Resolution field "@types/ramda@0.26.0" is incompatible with requested version "@types/ramda@~0.29.6"
warning Resolution field "@types/ramda@0.26.0" is incompatible with requested version "@types/ramda@~0.29.6"
warning Resolution field "@types/ramda@0.26.0" is incompatible with requested version "@types/ramda@~0.29.6"
warning Resolution field "@types/ramda@0.26.0" is incompatible with requested version "@types/ramda@~0.29.6"
warning Resolution field "@types/ramda@0.26.0" is incompatible with requested version "@types/ramda@~0.29.6"
warning Resolution field "@types/ramda@0.26.0" is incompatible with requested version "@types/ramda@~0.29.6"
warning Resolution field "@types/ramda@0.26.0" is incompatible with requested version "@types/ramda@~0.29.6"
[2/4] 🚚  Fetching packages...
error @microsoft/orchestrator-core@4.14.4: The CPU architecture "arm64" is incompatible with this module.
error Found incompatible module

I am on an Apple Silicon MacBook Pro and don't have Windows anywhere. How can I still contribute?
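
The "Resolution field" warnings in the log above are what yarn v1 prints when a `resolutions` entry forces a version that lies outside a range some dependent requests. As an added example (not part of the thread or of the botbuilder-js code base), the script below groups such warnings per package; the function names are hypothetical and the sample log is constructed from lines quoted in the comment above.

```javascript
// Added example: summarize yarn v1 "Resolution field" warnings per package.
// sampleLog is constructed from warning lines quoted in the thread.
const sampleLog = `
warning Lockfile has incorrect entry for "@types/jsonwebtoken@8.3.5". Ignoring it.
warning Resolution field "axios@0.28.0" is incompatible with requested version "axios@^1.6.8"
warning Resolution field "axios@0.28.0" is incompatible with requested version "axios@~0.21.1"
warning Resolution field "ws@7.4.6" is incompatible with requested version "ws@^8.2.3"
warning Resolution field "@types/ramda@0.26.0" is incompatible with requested version "@types/ramda@~0.29.6"
warning Resolution field "@types/ramda@0.26.0" is incompatible with requested version "@types/ramda@~0.29.6"
warning Resolution field "axios@0.28.0" is incompatible with requested version "axios@^1.4.0"
error @microsoft/orchestrator-core@4.14.4: The CPU architecture "arm64" is incompatible with this module.
`;

// Split "name@spec" at the last "@" so scoped names (@types/ramda) stay intact.
function splitSpec(spec) {
  const at = spec.lastIndexOf('@');
  return { name: spec.slice(0, at), version: spec.slice(at + 1) };
}

// Returns Map: package name -> { pinned, requested: sorted unique ranges, count }.
function summarizeResolutionConflicts(log) {
  const re = /^warning Resolution field "([^"]+)" is incompatible with requested version "([^"]+)"$/;
  const out = new Map();
  for (const line of log.split(/\r?\n/)) {
    const m = re.exec(line.trim());
    if (!m) continue; // other warnings and errors are ignored
    const pin = splitSpec(m[1]);
    const req = splitSpec(m[2]);
    if (pin.name !== req.name) continue; // malformed pair, skip
    const entry = out.get(pin.name) || { pinned: pin.version, requested: new Set(), count: 0 };
    entry.requested.add(req.version);
    entry.count += 1;
    out.set(pin.name, entry);
  }
  // Convert the sets to sorted arrays for stable reporting.
  for (const e of out.values()) e.requested = [...e.requested].sort();
  return out;
}

const summary = summarizeResolutionConflicts(sampleLog);
for (const [name, e] of summary) {
  console.log(`${name}: pinned ${e.pinned}, requested ${e.requested.join(', ')} (${e.count} warnings)`);
}
```

Each entry shows a forced version that yarn installs in place of what the dependents asked for, so raising a dependency range in one package does not change the installed version until the pin itself is changed.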