Need to update axios - Githubissues

jeffbski / wait-on

wait-on is a cross-platform command line utility and Node.js API which will wait for files, ports, sockets, and http(s) resources to become available

MIT License

1.87k stars 77 forks source link

Need to update axios #149

Open minerjed opened 1 year ago

minerjed commented 1 year ago

Severity: moderate Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx node_modules/axios wait-on >=5.0.0-rc.0 Depends on vulnerable versions of axios node_modules/wait-on

2 moderate severity vulnerabilities

AndrewMax commented 1 year ago

@minerjed I opened a PR four days ago to fix this.

minerjed commented 1 year ago

Sorry missed that. I thought axios needed to be updated to 1.6.1 but I see that 1.6.0 has been patched also.

grenmath commented 1 year ago

still not patched ?

marioleed commented 1 year ago

When is this released?

wvanderdeijl commented 1 year ago

Duplicate of #143

wvanderdeijl commented 11 months ago

Seems to be fixed in #147

MikeMcC399 commented 3 months ago

@minerjed

Would you like to close your issue which is resolved? I added a new issue for a newly discovered vulnerability https://github.com/jeffbski/wait-on/issues/159

MikeMcC399 commented 2 months ago

This issue is also resolved by https://github.com/jeffbski/wait-on/pull/162, so it should be closed.