analytics-node icon indicating copy to clipboard operation
analytics-node copied to clipboard

Published 20 hours ago verified publisher icon segmentio

Update axios to `1.6.0` to make it possible to get a security fix

Open stefreak opened this issue 1 year ago • 2 comments

I get the following error in Dependabot to resolve a security alert for axios:

Axios Cross-Site Request Forgery Vulnerability

Dependabot cannot update axios to a non-vulnerable version
The latest possible version that can be installed is 0.27.2 because of the following conflicting dependencies:

[email protected] requires axios@^0.27.2
The lockfile might be out of sync?
The earliest fixed version is 1.6.0.

stefreak avatar Nov 13 '23 16:11 stefreak