Server-Side Request Forgery in axios (CVE-2024-39338) - update to axios 1.7.4 needed

[MikeMcC399]

Server-Side Request Forgery in axios reports a High Severity vulnerability in the npm package axios >= 1.3.2, <= 1.7.3

wait-on is currently configured with https://github.com/jeffbski/wait-on/blob/a10322fc3420a31dd93e8dc57fb0fb34fc9ad645/package.json#L40-L41

To avoid use of vulnerable versions of axios, I suggest that wait-on update to axios@^1.7.4.

Workaround

For npm environments:

npm audit fix

[markrzen]

@jeffbski Any chance you would be interested in adding a contributor to this project to help keep it updated?

[MikeMcC399]

Related to this issue and addressed to @jeffbski

• Are you planning to update axios yourself to resolve this issue?
• If somebody else submits a PR to update axios would you review and merge it?

[MikeMcC399]

• Resolved by https://github.com/jeffbski/wait-on/pull/162
• Released in https://github.com/jeffbski/wait-on/releases/tag/v8.0.0