Closed pit999 closed 3 weeks ago
Hi! I'd recommend upgrading to the latest webdav
as it's better to use fetch where available.
I'd accept a PR to update axios in v4 but don't have the bandwidth to do that myself right now.
I have the same problem as in issue #374. Using ESM Module I get the same error. Using feathers framework. I will check with the feathers developers how to solve that. Version 4 works fine :-) I read that you will deliver security updates for version 4, so I thought that's safe to use version 4.
Still on 4. Is it possible to patch up 4 please?
The update is taking longer than expected as I have to update to the new major version of axios, from 0->1, which is hardly a patch..
I'll try to get it out today.
I'm not sure that upgrading Axios for v4 will be possible, as it's a major update and the update has breaking changes (node support). Please see my PR: #386
I updated deps and fixed what vulnerabilities were possible. Axios' moderate level vulnerability is less than ideal but it's the best that they're providing for v0, and due to that, I can't fix it on this side. If they release a patch for v0, which I doubt they will, I'll update it here.
Understood. Any chance to add common JS support on 5.
Yeah CJS will make a comeback. It's just a bit of work as I'm not sure that Webpack is capable of it - CJS/ESM across the browser and node builds. Changing to rollup would work but that's a larger change. Let's see..
axios 0.8.1 - 0.27.2 Severity: moderate Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx fix available via
npm audit fix --force
Will install webdav@5.7.1, which is a breaking change node_modules/webdav/node_modules/axios webdav 2.0.0-rc1 - 4.11.3 Depends on vulnerable versions of axios node_modules/webdav