pump axios dependency (npm audit report warning)

jens-maus / node-ical

NodeJS class for parsing iCalendar/ICS files

Apache License 2.0

118 stars 50 forks source link

pump axios dependency (npm audit report warning) #328

Closed hkjeffchan closed 4 weeks ago

hkjeffchan commented 1 month ago

2 high severity vulnerabilities were detected because of this. Thanks.

axios >=1.3.2 Severity: high Server-Side Request Forgery in axios - https://github.com/advisories/GHSA-8hc4-vh64-cxmj fix available via npm audit fix --force Will install axios@1.3.1, which is a breaking change node_modules/axios node_modules/node-ical/node_modules/axios node-ical >=0.16.0 Depends on vulnerable versions of axios node_modules/node-ical

2 high severity vulnerabilities

jens-maus commented 4 weeks ago

done by #330

hkjeffchan commented 3 weeks ago

@jens-maus Possible to release a new version (0.18.1) to npm for all the dependency pump?