siddharthkp/github-build

Update axios dependency due to security vulnerability

sceee opened this issue · 3 comments

sceee commented

This is the same issue as in siddharthkp/bundlesize#369

Do you want to request a feature or report a bug?
Report an outdated, vulnerable dependency.

What is the current behavior?
axios is not updated to a fixed version for the following advisory (https://www.npmjs.com/advisories/1594), as github-build depends on axios ^0.19.0, which prevents npm from updating the dependency to 0.21.1 or higher.

If the current behavior is a bug, please provide the steps to reproduce.
N/A

What is the expected behavior?
axios dependency is updated to >=0.21.1 to depend on a version that fixes the following advisory: https://www.npmjs.com/advisories/1594

If this is a feature request, what is the motivation or use case for changing the behavior?
N/A

Please mention other relevant information.
N/A

Fixed in #13
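Why a `^0.19.0` range cannot resolve to 0.21.1, shown as an added example that is not part of the original thread and is not npm's or github-build's code. It assumes full `x.y.z` versions only (no prerelease tags or partial ranges); the function names and the `^0.21.1` and `^1.2.0` ranges are constructed for illustration.

```javascript
// Added example: caret-range check for full x.y.z versions only
// (assumption: no prerelease tags or partial ranges). Not npm's own code.
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Lower bound and exclusive upper bound of a caret range.
// The upper bound bumps the leftmost non-zero component, so for 0.x
// versions the minor number is fixed: ^0.19.0 means >=0.19.0 <0.20.0.
function caretBounds(range) {
  if (!range.startsWith("^")) throw new Error("only caret ranges handled");
  const low = parse(range.slice(1));
  const [maj, min, pat] = low;
  const high = maj > 0 ? [maj + 1, 0, 0] : min > 0 ? [0, min + 1, 0] : [0, 0, pat + 1];
  return { low, high };
}

function caretAllows(range, version) {
  const { low, high } = caretBounds(range);
  const v = parse(version);
  return compare(v, low) >= 0 && compare(v, high) < 0;
}

// True if some version inside `range` is >= the first patched version,
// i.e. the fix is reachable without changing the declared range.
function rangeCanReachFix(range, patched) {
  return compare(parse(patched), caretBounds(range).high) < 0;
}

// ^0.19.0 is the range from the issue; ^0.21.1 is a constructed corrected range.
for (const range of ["^0.19.0", "^0.21.1"]) {
  console.log(range, "can reach 0.21.1:", rangeCanReachFix(range, "0.21.1"));
}
```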