Closed JSn1nj4 closed 1 month ago
JSn1nj4
commented
1 month ago @zach2825 I included removing axios due to it seemingly being unused at this point. It was an old version with equally old dependencies that had their own security issues. That sound fair?
JSn1nj4
commented
1 month ago Might see if Laravel UI is being used and also if it's actually using Axios (thanks @allella).
Apparently Axios is configured in Laravel/UI's bootstrap.js file, like new Laravel projects used to. But it doesn't even have its own package.json file, so not sure what that's about. Maybe it was assumed that a project using that package already had Axios installed.
JSn1nj4
commented
1 month ago Laravel UI's README indicates that axios is optional, so we don't have to worry about that. https://github.com/laravel/ui?tab=readme-ov-file#writing-javascript
allella
commented
1 month ago @bogdankharchenko @zach2825 this looks like a short PR. If either of you approve it, then I'll be glad to merge it in and clear up some of our Dependabot warnings.
allella
commented
1 month ago This PR is staged and looks good on the first click through. I'll check the logs before doing a release.
This PR is to partly work around whatever is causing #239 for the time being.
Changes
viteto 4.5.3pm2to address security issues in dependenciessharpto the v0.33.x to address some security issuesresolve-url-loadersince this project has used vite instead of webpack for some time nowaxiossince it seems to not be in use