node-soap icon indicating copy to clipboard operation
node-soap copied to clipboard

Published 20 hours ago verified publisher icon vpulim

update axios version

Open rrez2002 opened this issue 1 year ago • 16 comments

rrez2002 avatar Dec 10 '23 19:12 rrez2002

Any update? can this be merged? Thank you

boukmi avatar Dec 28 '23 22:12 boukmi

Bump

Dragonox77 avatar Jan 02 '24 14:01 Dragonox77

@jsdevel +1

boxexchanger avatar Jan 04 '24 23:01 boxexchanger

We would also appreciate the PR merge 👍 as there is a known vulnerability for the axios version that is in use.

See GitHub's advisory: https://github.com/advisories/GHSA-wf5p-g6vw-rhxx

swiesmann avatar Jan 10 '24 11:01 swiesmann

This dependency vulnerability is a show stopper for our app, without being able to update axios our app won't pass it's pipeline vulnerability scans.

Caryyon avatar Jan 10 '24 22:01 Caryyon

This PR with essentialy the same goal is open for almost one year: https://github.com/vpulim/node-soap/pull/1212 (has also been kept up to date). I think this project is dead and needs to be forked.

invariants avatar Jan 12 '24 17:01 invariants

Is there already a fork of this repo that is updated? This repo has a vulnerable version of Axios and I need to update it in my project as soon as possible.

juan-turk-simplisafe avatar Jan 12 '24 18:01 juan-turk-simplisafe

Any update? can this be merged? Thank you

lalitsharma309 avatar Jan 15 '24 11:01 lalitsharma309

Why did the developers decide to stop at 999 commits? Because they got tired of counting and thought it would be more impressive to start the next thousand with a fresh cup of coffee! 😃

boxexchanger avatar Jan 15 '24 11:01 boxexchanger

Please can this get approved. It's the only package left in my project that has a dependancy on this old version of axios, all other packages have updated

jackhollowaypls avatar Jan 20 '24 13:01 jackhollowaypls

Can you release it ?

Dragonox77 avatar Feb 02 '24 17:02 Dragonox77

Bump. Can this please get merged and released.

mfuqua3 avatar Feb 08 '24 16:02 mfuqua3

Same here still waiting for this to be merged and released 👍

Deprasos avatar Feb 13 '24 09:02 Deprasos

Bump!

SiRocke avatar Mar 06 '24 16:03 SiRocke

Please merge it ❤️

alexHerrmio avatar Mar 06 '24 19:03 alexHerrmio

Bump!

juan-turk-simplisafe avatar Mar 06 '24 19:03 juan-turk-simplisafe

This really needs to be merged since older axios versions are having vulnerabilities.

dkbhadeshiya avatar Mar 14 '24 06:03 dkbhadeshiya

Bump!

ronnie-gee avatar Mar 14 '24 14:03 ronnie-gee

Guys, it is probably better to use another lib, since the author do not seems to be active and probably do not care.

If a vulnerability is discovered tomorrow, we can't wait for the author to merge the fix in 3 months. This lib should be marked as deprecated or inactive. Maybe we should ask NPM to pressure them if they want to keep their package active.

Dragonox77 avatar Mar 14 '24 16:03 Dragonox77

@Dragonox77, could you suggest any other lib that we can use here?

hamidouikene avatar Mar 14 '24 16:03 hamidouikene

@hamidouikene

@Dragonox77, could you suggest any other lib that we can use here?

https://www.npmjs.com/package/strong-soap (updated 7 days ago) https://www.npmjs.com/package/easy-soap-request (updated 1 month ago)

Dragonox77 avatar Mar 14 '24 16:03 Dragonox77

I agree with @Dragonox77, we are moving to another library.

juan-turk-simplisafe avatar Mar 14 '24 17:03 juan-turk-simplisafe

Thank you for merging, @vpulim ! 👍 Looking forward to the release.

swiesmann avatar Apr 08 '24 07:04 swiesmann

@vpulim Any update on the release please?

JackHammer29 avatar Apr 15 '24 15:04 JackHammer29

Hi All, I will be helping to maintain this project for some time, discussing details with @vpulim atm. Hopefully I will release this soon.

w666 avatar Apr 16 '24 07:04 w666