jeffbski / wait-on

wait-on is a cross-platform command line utility and Node.js API which will wait for files, ports, sockets, and http(s) resources to become available
MIT License
1.87k stars 77 forks

fix: update axios to 1.6.1 to fix CVE-2023-45857 #147

Closed AndrewMax closed 1 year ago

AndrewMax commented 1 year ago

Axios was recently updated to fix CVE-2023-45857. This PR is to update to axios 1.6.0.

tahaiftekhar commented 1 year ago

This should be merged sooner rather than later

seanputera commented 1 year ago

Thank you!

AndrewMax commented 1 year ago

@jeffbski Can this get some attention please? Thanks a lot.

For more context: CVE-2023-45857 (CWE-359) XSRF-TOKEN value is disclosed to an unauthorised actor, fixed in axios 1.6.0.

pat-s commented 1 year ago

An update and a subsequent release would be great!

benasher44 commented 1 year ago

Guess we'll just have to wait-on this PR.

wellwelwel commented 1 year ago

Tested locally and worked perfectly 🚀

littleamigo commented 1 year ago

I hope this gets merged soon and then released! Looking forward...

jeffbski commented 1 year ago

Thanks @AndrewMax for the PR and for those that confirmed it. It is published to wait-on@7.2.0

https://github.com/jeffbski/wait-on/releases/tag/v7.2.0
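
To check whether a project still resolves a copy of axios older than the fix discussed in this thread, the following added example (not code from the wait-on project or the PR) walks the `packages` map of an npm `package-lock.json` (lockfileVersion 2 or 3). The version floors are the ones stated above (axios 1.6.0, wait-on 7.2.0); treating every wait-on below 7.2.0 as outdated is an assumption based on the maintainer's release comment, and the sample lockfile is constructed.

```javascript
// Version floors taken from the thread: axios fixed in 1.6.0, fix published in wait-on 7.2.0.
const FIXED = new Map([["axios", "1.6.0"], ["wait-on", "7.2.0"]]);

// Parse "major.minor.patch"; any pre-release or build suffix is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v || "");
  return m ? m.slice(1).map(Number) : null;
}

// True when `version` sorts below `floor`. Unparseable versions are flagged for manual review.
function isBelow(version, floor) {
  const a = parseVersion(version), b = parseVersion(floor);
  if (!a || !b) return true;
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Keys of lock.packages are install paths such as
// "node_modules/wait-on/node_modules/axios"; the package name follows the last "node_modules/".
function findOutdated(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1) continue; // root project entry ""
    const name = path.slice(idx + "node_modules/".length);
    const floor = FIXED.get(name);
    if (floor && isBelow(meta.version, floor)) {
      findings.push({ path, name, version: meta.version, floor });
    }
  }
  return findings;
}

// Constructed sample lockfile: a nested, older axios under wait-on next to a current top-level axios.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/wait-on": { version: "7.1.0" },
    "node_modules/wait-on/node_modules/axios": { version: "0.27.2" },
    "node_modules/axios": { version: "1.6.1" },
  },
};

for (const f of findOutdated(sampleLock)) {
  console.log(`${f.path}: ${f.name}@${f.version} is below ${f.floor}`);
}
```

In a real project, pass `JSON.parse` of the contents of `package-lock.json` to `findOutdated`; nested copies matter because a top-level axios upgrade does not replace the copy installed under a dependency.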