fix: Fixes vulnerability CVE-2019-10790, caused by axios dependency

dkoss · dkoss · commit 951c58fa55a0 · 2025-06-03T23:49:36.000-04:00
diff --git a/.github/release-please.yml b/.github/release-please.yml
@@ -1,2 +1,2 @@
 handleGHRelease: true
-manifest: true
+manifest: true
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -1,17 +1,16 @@
 on:
   push:
-    branches: [main]
   pull_request:
 name: ci
 jobs:
   test:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     strategy:
       matrix:
         node: [18, 20]
         include:
           # use latest npm by default
-          - npm-version: latest
+          - npm-version: 10.9.2
     steps:
       - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
       - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
@@ -21,4 +20,4 @@ jobs:
       - name: Upgrade to latest npm to support lockfile v2
         run: npm install -g npm@${{ matrix.npm-version }}
       - run: npm install && npm install
-      - run: npm run test
+      - run: npm run test
diff --git a/package-lock.json b/package-lock.json
diff --git a/packages/synthetics-sdk-api/package.json b/packages/synthetics-sdk-api/package.json
@@ -44,7 +44,7 @@
     "google-auth-library": "9.0.0",
     "ts-proto": "1.148.1",
     "winston": "3.10.0",
-    "axios": "1.6.7"
+    "axios": "1.9.0"
   },
   "author": "Google Inc.",
   "license": "Apache-2.0"
