Open ahmedtausif opened 8 months ago
eithe
commented
6 months ago @robinheinze Any chance this could be merged and released?
We've had to disable npm audit on PRs due to this (since it reports Severity: moderate Follow Redirects improperly handles URLs in the url.parse() function - https://github.com/advisories/GHSA-jchw-25xp-jwwc)
atrinidad-hu
commented
2 months ago Are there any updates on this?
janwiebe-jump
commented
1 week ago According to CVE-2024-39338 we should update to 1.7.4 or higher
eithe
commented
1 week ago I'm at the React Universe conference and Infinite Red has a stand here, I'll try to nag them about this later :)
eithe
commented
1 week ago They are open to complete this, but with this new info on 1.7.4 instead of 1.6.5, the PR should perhaps be updated if the OP is still around? If not perhaps create a new one?
eithe
commented
1 week ago According to CVE-2024-39338 we should update to 1.7.4 or higher
Back on my laptop now. I did not spot it on my mobile, but I see that it is a different issue than this was originally about (https://github.com/advisories/GHSA-jchw-25xp-jwwc), but I don't see any breaking changes in the axios changelog so it would be cool to just go all the way to latest 1.7.x.
@ahmedtausif You around?
This PR updates axios package to 1.6.5 to address
Ran following commands: