gatsby-uc / gatsby-source-strapi

Gatsby source plugin for building websites using Strapi as a data source
MIT License
354 stars 182 forks

Bump axios version #262

Closed hoanvh closed 2 years ago

hoanvh commented 2 years ago

Security issue:

https://github.com/advisories/GHSA-cph5-m8f7-6c5x

Description:

Upgrade the axios dependency with regard to the above security issue.

Changes:

Comments:

I have a concern about which axios version to upgrade to. To deal with the security issue, the latest patched version (0.21.4) seems enough. But after checking the axios CHANGELOG, there are no breaking changes that affect axios usage in this project. So, is it better to use the latest version than the patched version?

strapi-cla commented 2 years ago

CLA assistant check
All committers have signed the CLA.