Closed JSn1nj4 closed 1 month ago
@zach2825 I included removing axios
due to it seemingly being unused at this point. It was an old version with equally old dependencies that had their own security issues. That sound fair?
Might see if Laravel UI is being used and also if it's actually using Axios (thanks @allella).
Apparently Axios is configured in Laravel/UI's bootstrap.js file, like new Laravel projects used to. But it doesn't even have its own package.json file, so not sure what that's about. Maybe it was assumed that a project using that package already had Axios installed.
Laravel UI's README indicates that axios is optional, so we don't have to worry about that. https://github.com/laravel/ui?tab=readme-ov-file#writing-javascript
@bogdankharchenko @zach2825 this looks like a short PR. If either of you approve it, then I'll be glad to merge it in and clear up some of our Dependabot warnings.
This PR is staged and looks good on the first click through. I'll check the logs before doing a release.
This PR is to partly work around whatever is causing #239 for the time being.
Changes
vite
to 4.5.3pm2
to address security issues in dependenciessharp
to the v0.33.x to address some security issuesresolve-url-loader
since this project has used vite instead of webpack for some time nowaxios
since it seems to not be in use