Page MenuHomePhabricator
Create Task
Maniphest T230940

Replace moxios with more active project
Open, Needs TriagePublic
Actions

Description

Our Axios mocking library, moxios, has a dependency on a vulnerable version of axios, our http request library. Looking at the commits and comments in the bug tracker, it looks like there won't be an update to the dependency any time soon. So we need to mock it differently, either with pure Jest or by using a different Axios mocking library, e.g. [[ https://www.npmjs.com/package/axios-mock-adapter | axios-mock-adapter ]]

This is not a critical security issue, as the outdated dependency is a dev dependency. But we should fix it nevertheless to avoid becoming blind to GitHub package warnings.

Event Timeline

gabriel-wmde created this task.Aug 21 2019, 3:34 PM
Restricted Application added a project: WMDE-FUN-Team. · View Herald TranscriptAug 21 2019, 3:34 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
gabriel-wmde added a project: WMDE-Fundraising-CFR.Dec 19 2019, 1:17 PM
gabriel-wmde moved this task from Backlog to Ready for Estimation on the WMDE-Fundraising-CFR board.Dec 19 2019, 1:34 PM
gabriel-wmde updated the task description. (Show Details)Oct 28 2020, 9:48 AM
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL