jjangga0214 / hasura-cli

Hasura CLI as an npm package
https://www.npmjs.com/package/hasura-cli

Security Vulnerability in Axios package #112

Closed roninCode closed 8 months ago

roninCode commented 8 months ago

I'm getting a dependabot error when using "hasura-cli": "^2.33.4":

Axios Cross-Site Request Forgery Vulnerability

The latest possible version that can be installed is 0.21.4 because of the following conflicting dependency:

hasura-cli@2.35.1 requires axios@^0.21.1

I see that Axios is locked to versions prior to 1: https://github.com/jjangga0214/hasura-cli/blob/master/package.json#L93

It looks like the earliest fixed version is 1.6.0. Any way to update Axios to resolve this issue?
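The conflict described above, as an added example that is not part of this thread or of the hasura-cli project: a caret range on a 0.x version (`^0.21.1`) only allows patch bumps within 0.21, so no resolver can pick the fixed 1.6.0 while that range is declared. The `package.json` and advisory below are constructed sample data, and `caretSatisfies`/`blockedFixes` are helper names chosen here.

```javascript
// Minimal caret-range checker (npm semantics for "^x.y.z") plus an audit helper
// that flags dependency ranges which exclude an advisory's fixed version.

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v.trim());
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// Exclusive upper bound of a caret range. npm keeps the left-most non-zero
// component fixed: ^1.2.3 allows <2.0.0, ^0.21.1 allows <0.22.0, ^0.0.3 allows <0.0.4.
function caretUpperBound([major, minor, patch]) {
  if (major > 0) return [major + 1, 0, 0];
  if (minor > 0) return [0, minor + 1, 0];
  return [0, 0, patch + 1];
}

// True when `version` is inside the caret range `range` (e.g. "^0.21.1").
function caretSatisfies(range, version) {
  if (!range.startsWith('^')) throw new Error(`only caret ranges supported: ${range}`);
  const lower = parseVersion(range.slice(1));
  const v = parseVersion(version);
  return compare(v, lower) >= 0 && compare(v, caretUpperBound(lower)) < 0;
}

// Lists dependencies whose declared range cannot reach the advisory's fixed version,
// i.e. cases where a Dependabot bump is impossible without changing the range.
function blockedFixes(pkg, advisories) {
  const deps = { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
  return advisories
    .filter((a) => deps[a.package] && !caretSatisfies(deps[a.package], a.fixedIn))
    .map((a) => ({ package: a.package, range: deps[a.package], fixedIn: a.fixedIn }));
}

// Constructed sample mirroring the constraint reported in this issue.
const samplePackageJson = { name: 'sample-app', dependencies: { axios: '^0.21.1' } };
const sampleAdvisories = [
  { package: 'axios', title: 'Cross-Site Request Forgery', fixedIn: '1.6.0' },
];

console.log(blockedFixes(samplePackageJson, sampleAdvisories));
// prints [ { package: 'axios', range: '^0.21.1', fixedIn: '1.6.0' } ]
```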

jjangga0214 commented 8 months ago

Hi! It's resolved by #110. Thanks for reporting :)

some-user123 commented 5 months ago

Thanks for fixing this! However, a patched version seems not to be released yet. Any plans?