segmentio/analytics-node

npm audit vuln moderate: axios has to be bumped to 0.18.1

robiXxu opened this issue · 6 comments

                                                                                
                       === npm audit security report ===                        
                                                                                
┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Denial of Service                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ axios                                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.18.1                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ analytics-node                                               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ analytics-node > axios                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/880                             │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 moderate severity vulnerability in 774 scanned packages
  1 vulnerability requires manual review. See the full report for details.

louib commented

@pooyaj Looks like this is already fixed in 3.4.X, but it's still in beta. Is there a timeline for a release version of the 3.4.X line?

@louib I will publish a non-beta minor version shortly. Just making sure there are no reports of axios issues.

louib commented

@pooyaj thanks a lot for the prompt response, will keep an eye out for the release!

louib commented

@pooyaj happy new year! Any updates on the new release?

@louib this is done!

louib commented

@pooyaj awesome, thx a lot!