Update axios to `1.6.0` to make it possible to get a security fix
stefreak opened this issue · 2 comments
stefreak commented
I get the following error in Dependabot when trying to resolve a security alert for axios:
Axios Cross-Site Request Forgery Vulnerability
Dependabot cannot update axios to a non-vulnerable version
The latest possible version that can be installed is 0.27.2 because of the following conflicting dependencies:
analytics-node@6.2.0 requires axios@^0.27.2
The lockfile might be out of sync?
The earliest fixed version is 1.6.0.
stefreak commented
Ah, I just saw that this package is deprecated. Will try switching to https://github.com/segmentio/analytics-next/tree/master/packages/node
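Added example, not part of the issue thread or of either project's code: a simplified npm caret-range check showing why Dependabot cannot reach the fixed release. For a `0.x` version, `^0.27.2` means `>=0.27.2 <0.28.0`, so `1.6.0` is out of range. The `example-client` entry and all function names are hypothetical, and only plain `x.y.z` caret ranges are handled.

```javascript
// Simplified npm caret-range check: plain x.y.z versions only, no prerelease tags.
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Caret semantics: only components to the right of the left-most non-zero
// component may change, so the upper bound bumps that component and zeroes the rest.
function caretBounds(range) {
  if (!range.startsWith("^")) throw new Error(`only caret ranges handled: ${range}`);
  const lo = parse(range.slice(1));
  const i = lo.findIndex((n) => n !== 0);
  const idx = i === -1 ? 2 : i; // ^0.0.0 behaves like >=0.0.0 <0.0.1
  const hi = lo.map((n, k) => (k < idx ? n : k === idx ? n + 1 : 0));
  return { lo, hi };
}

function satisfies(version, range) {
  const { lo, hi } = caretBounds(range);
  const v = parse(version);
  return cmp(v, lo) >= 0 && cmp(v, hi) < 0;
}

// List the dependents whose declared range excludes the earliest fixed version.
function blockers(dependents, pkg, fixedVersion) {
  return Object.entries(dependents)
    .filter(([, deps]) => deps[pkg] && !satisfies(fixedVersion, deps[pkg]))
    .map(([name, deps]) => ({
      name,
      range: deps[pkg],
      upperBound: caretBounds(deps[pkg]).hi.join("."),
    }));
}

// Constructed input: the first entry mirrors the Dependabot message above,
// the second is a hypothetical dependent that already accepts 1.x.
const dependents = {
  "analytics-node@6.2.0": { axios: "^0.27.2" },
  "example-client@1.0.0": { axios: "^1.2.0" },
};

console.log(blockers(dependents, "axios", "1.6.0"));
```

Each dependent it reports has to widen its range, be replaced, or be overridden before the alert can be closed.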