From 5f08d71fddf3387f566ae28ee8dbf359484529f8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 23 Aug 2025 17:58:07 +0000 Subject: [PATCH 1/3] Bump axios from 1.7.9 to 1.8.2 Bumps [axios](https://github.com/axios/axios) from 1.7.9 to 1.8.2. - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](https://github.com/axios/axios/compare/v1.7.9...v1.8.2) --- updated-dependencies: - dependency-name: axios dependency-version: 1.8.2 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- package.json | 2 +- yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index 674412e..5d3447b 100644 --- a/package.json +++ b/package.json @@ -91,7 +91,7 @@ "@shopify/flash-list": "1.7.3", "@tanstack/react-query": "~5.52.1", "app-icon-badge": "^0.1.2", - "axios": "~1.7.5", + "axios": "~1.8.2", "babel-plugin-module-resolver": "^5.0.2", "buffer": "^6.0.3", "crypto-js": "^4.2.0", diff --git a/yarn.lock b/yarn.lock index 4157ae4..8f81060 100644 --- a/yarn.lock +++ b/yarn.lock @@ -5315,10 +5315,10 @@ available-typed-arrays@^1.0.7: dependencies: possible-typed-array-names "^1.0.0" -axios@~1.7.5: - version "1.7.9" - resolved "https://registry.yarnpkg.com/axios/-/axios-1.7.9.tgz#d7d071380c132a24accda1b2cfc1535b79ec650a" - integrity sha512-LhLcE7Hbiryz8oMDdDptSrWowmB4Bl6RCt6sIJKpRB4XtVf0iEgewX3au/pJqm+Py1kCASkb/FFKjxQaLtxJvw== +axios@~1.8.2: + version "1.8.2" + resolved "https://registry.yarnpkg.com/axios/-/axios-1.8.2.tgz#fabe06e241dfe83071d4edfbcaa7b1c3a40f7979" + integrity sha512-ls4GYBm5aig9vWx8AWDSGLpnpDQRtWAfrjU+EuytuODrFBkqesN2RkOQCBzrA1RQNHw1SmRMSDDDSwzNAYQ6Rg== dependencies: follow-redirects "^1.15.6" form-data "^4.0.0" From 63c97c2c7eb8953cd12ea749b709d160842cd56e Mon Sep 17 00:00:00 2001 From: Shawn Jackson Date: Sat, 23 Aug 2025 14:45:58 -0700 Subject: [PATCH 2/3] CU-868ex18rd Changing to Firebase Dist --- .github/workflows/react-native-cicd.yml | 27 +++++++++++-------------- 1 file changed, 12 insertions(+), 15 deletions(-) diff --git a/.github/workflows/react-native-cicd.yml b/.github/workflows/react-native-cicd.yml index 2e939db..45ea139 100644 --- a/.github/workflows/react-native-cicd.yml +++ b/.github/workflows/react-native-cicd.yml @@ -276,24 +276,21 @@ jobs: ./ResgridRespond-ios-prod.ipa retention-days: 7 - - name: 📦 Upload Android build artifacts to Testfairy - if: (matrix.platform == 'android') - uses: alexfu/testfairy-upload-action@main + - name: 📦 Setup Firebase CLI + uses: w9jds/setup-firebase@main with: - api-key: ${{ secrets.TESTFAIRY_API_KEY }} - file: ./ResgridRespond-prod.apk - groups: Resgrid - notify: on + tools-version: 11.9.0 + firebase_token: ${{ secrets.FIREBASE_TOKEN }} - - name: 📦 Upload iOS build artifacts to Testfairy - if: (matrix.platform == 'ios') - uses: alexfu/testfairy-upload-action@main - with: - api-key: ${{ secrets.TESTFAIRY_API_KEY }} - file: ./ResgridRespond-ios-adhoc.ipa - groups: Resgrid - notify: on + - name: 📦 Upload Android artifact to Firebase App Distribution + if: (matrix.platform == 'android') + run: | + firebase appdistribution:distribute ./ResgridRespond-prod.apk --app ${{ secrets.FIREBASE_RESP_ANDROID_APP_ID }} --groups "testers" + - name: 📦 Upload iOS artifact to Firebase App Distribution + if: (matrix.platform == 'ios') + run: | + firebase appdistribution:distribute ./ResgridRespond-ios-adhoc.ipa --app ${{ secrets.FIREBASE_RESP_IOS_APP_ID }} --groups "testers" - name: 📋 Prepare Release Notes file if: ${{ matrix.platform == 'android' }} From f42bee6903edb80443801b32c4284e0dd89fd0a3 Mon Sep 17 00:00:00 2001 From: Shawn Jackson Date: Sat, 23 Aug 2025 16:18:53 -0700 Subject: [PATCH 3/3] fix: update axios dependency from 1.8.2 to 1.11.0 to address security vulnerability --- package.json | 2 +- yarn.lock | 21 ++++++++++++++++----- 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/package.json b/package.json index 5d3447b..985e8f7 100644 --- a/package.json +++ b/package.json @@ -91,7 +91,7 @@ "@shopify/flash-list": "1.7.3", "@tanstack/react-query": "~5.52.1", "app-icon-badge": "^0.1.2", - "axios": "~1.8.2", + "axios": "^1.11.0", "babel-plugin-module-resolver": "^5.0.2", "buffer": "^6.0.3", "crypto-js": "^4.2.0", diff --git a/yarn.lock b/yarn.lock index 8f81060..dfa9fde 100644 --- a/yarn.lock +++ b/yarn.lock @@ -5315,13 +5315,13 @@ available-typed-arrays@^1.0.7: dependencies: possible-typed-array-names "^1.0.0" -axios@~1.8.2: - version "1.8.2" - resolved "https://registry.yarnpkg.com/axios/-/axios-1.8.2.tgz#fabe06e241dfe83071d4edfbcaa7b1c3a40f7979" - integrity sha512-ls4GYBm5aig9vWx8AWDSGLpnpDQRtWAfrjU+EuytuODrFBkqesN2RkOQCBzrA1RQNHw1SmRMSDDDSwzNAYQ6Rg== +axios@^1.11.0: + version "1.11.0" + resolved "https://registry.yarnpkg.com/axios/-/axios-1.11.0.tgz#c2ec219e35e414c025b2095e8b8280278478fdb6" + integrity sha512-1Lx3WLFQWm3ooKDYZD1eXmoGO9fxYQjrycfHFC8P0sCfQVXyROp0p9PFWBehewBOdCwHc+f/b8I0fMto5eSfwA== dependencies: follow-redirects "^1.15.6" - form-data "^4.0.0" + form-data "^4.0.4" proxy-from-env "^1.1.0" babel-core@^7.0.0-bridge.0: @@ -8216,6 +8216,17 @@ form-data@^4.0.0: hasown "^2.0.2" mime-types "^2.1.12" +form-data@^4.0.4: + version "4.0.4" + resolved "https://registry.yarnpkg.com/form-data/-/form-data-4.0.4.tgz#784cdcce0669a9d68e94d11ac4eea98088edd2c4" + integrity sha512-KrGhL9Q4zjj0kiUt5OO4Mr/A/jlI2jDYs5eHBpYHPcBEVSiipAvn2Ko2HnPe20rmcuuvMHNdZFp+4IlGTMF0Ow== + dependencies: + asynckit "^0.4.0" + combined-stream "^1.0.8" + es-set-tostringtag "^2.1.0" + hasown "^2.0.2" + mime-types "^2.1.12" + framer-motion@^6.5.1: version "6.5.1" resolved "https://registry.yarnpkg.com/framer-motion/-/framer-motion-6.5.1.tgz#802448a16a6eb764124bf36d8cbdfa6dd6b931a7"