inertiajs / inertia

Inertia.js lets you quickly build modern single-page React, Vue and Svelte apps using classic server-side routing and controllers.

https://inertiajs.com

MIT License

6.03k stars 405 forks source link

Update axios version. CORS Vulnerability #1776

Closed RyanGSampson closed 4 months ago

RyanGSampson commented 5 months ago

Versions:

@inertiajs/core version: #.#.#
@inertiajs/vue2 version: #.#.#
@inertiajs/vue3 version: #.#.#
@inertiajs/react version: #.#.#
@inertiajs/svelte version: #.#.#

Describe the problem:

Ineria core running on axios 1.2.0 Please update to 1.6.5

Steps to reproduce:

run npm audit

npm audit report

axios 0.8.1 - 1.5.1 Severity: moderate Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx No fix available node_modules/@inertiajs/inertia/node_modules/axios @inertiajs/inertia Depends on vulnerable versions of axios node_modules/@inertiajs/inertia @inertiajs/inertia-vue3 Depends on vulnerable versions of @inertiajs/inertia node_modules/@inertiajs/inertia-vue3

3 moderate severity vulnerabilities

Some issues need review, and may require choosing a different dependency.

vitalijalbu commented 5 months ago

@reinink any future updates on this??

shengslogar commented 4 months ago

Should be addressed by #1723

reinink commented 4 months ago

Yep, thanks @shengslogar — this one has been fixed in #1723 👍