kontent-ai / delivery-sdk-js

Kontent Delivery SDK for Javascript
https://kontent.ai
MIT License

vulnerability in follow-redirects package as dependency of axios package #387

Closed by sajcics 6 months ago

sajcics commented 7 months ago

Brief bug description

What went wrong? axios 1.6.2 reports that it has the vulnerable package follow-redirects 1.15.0.

Repro steps

  1. run npm audit to check vulnerabilities
  2. upgrade axios to newest version 1.6.7

Expected behavior

What is the correct behavior? To not have vulnerable packages.

Test environment

IvanKiral commented 6 months ago

Hey @sajcics. It seems that this will be fixed in newer versions (https://github.com/axios/axios/issues/6165). I will update it :)

Enngage commented 6 months ago

Fixed and released in 14.7.0
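
To confirm which package actually pulls in the flagged `follow-redirects` copy (the axios chain reported in this issue), the following added example, which is not part of the thread or the SDK's own code, walks a `package-lock.json` (lockfileVersion 2 or 3) using Node's nearest-`node_modules` resolution. The function names, the `my-app` project and the whole sample lockfile, including the SDK version and dependency ranges, are constructed for illustration.

```javascript
// Resolve which installed copy of `name` a dependent at `fromPath` would load:
// nearest node_modules first, then each parent, ending at the root node_modules.
function resolveInstance(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null; // not installed anywhere on the lookup path
    const i = base.lastIndexOf("/node_modules/");
    base = i === -1 ? "" : base.slice(0, i);
  }
}

// Map every installed copy of `name` to its version and the packages requiring it.
function whoPullsIn(lock, name) {
  const packages = lock.packages || {};
  const result = {};
  for (const [path, meta] of Object.entries(packages)) {
    const deps = { ...meta.dependencies, ...meta.optionalDependencies };
    if (!Object.prototype.hasOwnProperty.call(deps, name)) continue;
    const hit = resolveInstance(packages, path, name);
    if (!hit) continue;
    if (!result[hit]) result[hit] = { version: packages[hit].version, requiredBy: [] };
    result[hit].requiredBy.push({
      dependent: path.split("node_modules/").pop() || "(root project)",
      range: deps[name],
    });
  }
  return result;
}

// Constructed lockfile mirroring the chain in this issue: SDK -> axios -> follow-redirects.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-app", dependencies: { "@kontent-ai/delivery-sdk": "*" } },
    "node_modules/@kontent-ai/delivery-sdk": {
      version: "0.0.0-constructed",
      dependencies: { axios: "1.6.2" },
    },
    "node_modules/axios": { version: "1.6.2", dependencies: { "follow-redirects": "^1.15.0" } },
    "node_modules/follow-redirects": { version: "1.15.0" },
  },
};

console.log(JSON.stringify(whoPullsIn(sampleLock, "follow-redirects"), null, 2));
```

Against a real project, pass the parsed contents of `package-lock.json` instead of `sampleLock`. If the only dependent listed is a package you do not control, the fix has to come from that package's release, as it did here.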