search

jeffbski / wait-on

wait-on is a cross-platform command line utility and Node.js API which will wait for files, ports, sockets, and http(s) resources to become available
MIT License
1.87k stars 77 forks source link

[Security] Axios version raising security issues #110

Open Abhishek-kumar09 opened 2 years ago

Abhishek-kumar09 commented 2 years ago

https://github.com/jeffbski/wait-on/blob/21e8d7c633278ace56e7084c4d9cc2659f193768/package.json#L41

So the older version of axios is being used as a dependency for the project that raises the security issues.

image

s100 commented 2 years ago

Reportedly axios@0.25 has CVE-2022-1214 in it so another upgrade may be in order.

joergplewe commented 2 years ago

Also getting a security warning. Will it be possible to upgrade to axios@0.26?

seanputera commented 1 year ago

Also getting a vulnerability warning from Snyk. The remedy is to upgrade Axios to 1.6.0. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

wvanderdeijl commented 11 months ago

Seems to be fixed in #147