Update axios dependency due to security vulnerability
sceee opened this issue · 3 comments
This is the same issue as in siddharthkp/bundlesize#369
Do you want to request a feature or report a bug?
Report an outdated, vulnerable dependency.
What is the current behavior?
axios
is not updated to a fixed version for the following advisory ( https://www.npmjs.com/advisories/1594 ) as github-build
depends on axios
^0.19.0
which prevents npm from updating the dependency to 0.21.1
or higher.
If the current behavior is a bug, please provide the steps to reproduce.
N/A
What is the expected behavior?
axios
dependency is updated to >=0.21.1 to depend on a version that fixes the following advisory: https://www.npmjs.com/advisories/1594
If this is a feature request, what is motivation or use case for changing the behavior?
N/A
Please mention other relevant information.
N/A
+1
+1
Fixed in #13