size-plugin

size-plugin copied to clipboard

chore(dependencies): bump axios version to 1.6.x

4

Bump axios version to a non-vulnerable version

causaly-mark

size-plugin depends on a vulnerable version of Axios

3

I see #48 was created by Dependabot to resolve this, but 'fixed' versions of Axios have breaking changes. Happy to take a look at this if it helps.

causaly-mark

Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.13.2 to 1.15.4. Commits 6585820 Release version 1.15.4 of the npm package. 7a6567e Disallow bracketed hostnames. 05629af Prefer native URL instead of deprecated url.parse. 1cba8e8 Prefer native...

dependabot[bot]

Bumps [handlebars](https://github.com/handlebars-lang/handlebars.js) from 4.1.2 to 4.7.8. Release notes Sourced from handlebars's releases. v4.7.8 Make library compatible with workers (#1894) - 3d3796c Don't rely on Node.js global object (#1776) - 2954e7e...

dependabot[bot]

Bumps [axios](https://github.com/axios/axios) from 0.21.1 to 1.6.0. Release notes Sourced from axios's releases. Release v1.6.0 Release notes: Bug Fixes CSRF: fixed CSRF vulnerability CVE-2023-45857 (#6028) (96ee232) dns: fixed lookup function decorator...

dependabot[bot]

Bumps [browserify-sign](https://github.com/crypto-browserify/browserify-sign) from 4.0.4 to 4.2.2. Changelog Sourced from browserify-sign's changelog. v4.2.2 - 2023-10-25 Fixed [Tests] log when openssl doesn't support cipher [#37](https://github.com/crypto-browserify/browserify-sign/issues/37) Commits Only apps should have lockfiles 09a8995...

dependabot[bot]

Bumps [lodash](https://github.com/lodash/lodash) from 4.17.10 to 4.17.21. Commits f299b52 Bump to v4.17.21 c4847eb Improve performance of toNumber, trim and trimEnd on large input strings 3469357 Prevent command injection through _.template's variable...

dependabot[bot]

Bumps [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) to 7.23.2 and updates ancestor dependencies [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) and [eslint-config-developit](https://github.com/developit/eslint-config-developit). These dependencies need to be updated together. Updates `@babel/traverse` from 7.5.5 to 7.23.2 Release notes Sourced from @​babel/traverse's releases....

dependabot[bot]

Bumps [fsevents](https://github.com/fsevents/fsevents) from 1.2.9 to 1.2.13. Release notes Sourced from fsevents's releases. Release v1.2.13 Only build on Mac-OSX Release v1.2.11 Removing node-pre-gyp so that building fsevents becomes easier and enabled...

dependabot[bot]

Bumps and [postcss](https://github.com/postcss/postcss). These dependencies needed to be updated together. Updates `postcss` from 8.2.4 to 8.4.31 Release notes Sourced from postcss's releases. 8.4.31 Fixed \r parsing to fix CVE-2023-44270. 8.4.30...

dependabot[bot]