apisauce

Update axios dependency to pick up vulnerability

Open eithe opened this issue 3 years ago • 2 comments

The follow-redirects package which is a dependency of axios 0.21.4 is vulnerable; https://github.com/advisories/GHSA-74fj-2j2h-c42q.

Any chance you could update the axios dependency all the way to latest 0.25.0?

eithe, Jan 26 '22 12:01

I've forked the repo and tried to update axios; it seems to be working properly and the test cases don't seem to have any problems.

These are the dependencies that I updated in my repo:

"axios": "^0.25.0",
"@types/node": "15.6.1",
"typescript": "3.9.4"

Here is the link to the package.json: package.json

Hope it helps 🙏

ardasatata, Feb 06 '22 14:02

@ardasatata Perhaps (if you have time) you could submit a PR for this? Last time there was a similar case the PR was accepted I believe.

eithe, Feb 09 '22 16:02

:tada: This issue has been resolved in version 3.0.0 :tada:

The release is available on:

Your semantic-release bot :package::rocket:

infinitered-circleci, Mar 08 '23 23:03