Open ahmedtausif opened 8 months ago
@robinheinze Any chance this could be merged and released?
We've had to disable npm audit on PRs due to this (since it reports Severity: moderate Follow Redirects improperly handles URLs in the url.parse() function - https://github.com/advisories/GHSA-jchw-25xp-jwwc
)
Are there any updates on this?
According to CVE-2024-39338 we should update to 1.7.4 or higher
I'm at the React Universe conference and Infinite Red has a stand here, I'll try to nag them about this later :)
They are open to complete this, but with this new info on 1.7.4 instead of 1.6.5, the PR should perhaps be updated if the OP is still around? If not perhaps create a new one?
According to CVE-2024-39338 we should update to 1.7.4 or higher
Back on my laptop now. I did not spot it on my mobile, but I see that it is a different issue than this was originally about (https://github.com/advisories/GHSA-jchw-25xp-jwwc), but I don't see any breaking changes in the axios changelog so it would be cool to just go all the way to latest 1.7.x.
@ahmedtausif You around?
This PR updates axios package to 1.6.5 to address
Ran following commands: