Axios has a dependency of follow-redirects which has a vulnerability in it. Axios has updated its packages to a version that doesn't include the vulnerability but now we need sendgrid to update Axios to match this.
follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. In affected versions follow-redirects only clears authorization header during cross-domain redirect, but keep the proxy-authentication header which contains credentials too. This vulnerability may lead to credentials leak, but has been addressed in version 1.15.6. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Axios has updated to 1.15.6 in their most recent patch of 1.6.8 which should remedy this
Checklist
[x] I acknowledge that all my contributions will be made under the project's license
[x] I have made a material change to the repo (functionality, testing, spelling, grammar)
Fixes
Axios has a dependency of follow-redirects which has a vulnerability in it. Axios has updated its packages to a version that doesn't include the vulnerability but now we need sendgrid to update Axios to match this.
follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. In affected versions follow-redirects only clears authorization header during cross-domain redirect, but keep the proxy-authentication header which contains credentials too. This vulnerability may lead to credentials leak, but has been addressed in version 1.15.6. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Axios has updated to 1.15.6 in their most recent patch of 1.6.8 which should remedy this
Checklist
If you have questions, please file a support ticket.