[WIP] Bump axios to ^1.4.0

zendesk / zcli

A command-line tool for Zendesk

https://developer.zendesk.com

Apache License 2.0

56 stars 18 forks source link

[WIP] Bump axios to ^1.4.0 #197

Open JeanMarcGoepfert opened 11 months ago

JeanMarcGoepfert commented 11 months ago

Description

`5b43c69` Bump axios to ^1.4.0

Detail

Checklist

[ ] :guardsman: includes new unit and functional tests

JeanMarcGoepfert commented 11 months ago

I didn't realise we have replaced node-fetch with axios over time, I wonder why we replaced a minimalistic, light weight library with a dependency heavy library that shines in a browser based environment, considering this is a CLI tool 🤔

Looks like it changed in this PR but no clear reason given 🤷.

token-cjg commented 1 week ago

If I recall correctly I believe that the node-fetch -> axios change was made for security reasons, there were vulnerabilities with node-fetch that axios didn't have at the time.