cldr-data-downloader

Bump axios to 1.6.8

Open MehmetYararVX opened this issue 1 year ago • 1 comments

The current Axios version, 0.26.1, is vulnerable to CSRF attacks.

This PR fixes it by upgrading the Axios version to 1.6.8.

Checkmarx SCA references:

Advisory Issue Issue Pull Request Commit Release Note NVD

MehmetYararVX avatar Apr 13 '24 12:04 MehmetYararVX

@rxaviers, Axios' API remains the same between the two versions. Upgrading to 1.6.8 should be safe and straightforward.

So that you know, the package-lock version has been upgraded to 3.

Could you please review it?

MehmetYararVX avatar Apr 13 '24 13:04 MehmetYararVX

@rxaviers Any chance you could merge this PR and put out a new release?

johnmwright avatar Jun 11 '24 16:06 johnmwright

@rxaviers - Can you please merge this PR and put out a new release?

utsavkapoor avatar Jun 13 '24 03:06 utsavkapoor

I am not actively maintaining it, thanks for the bumps, merging it now.

rxaviers avatar Jul 22 '24 14:07 rxaviers