Skip to content

[CHORE] Update Axios >=0.21.1 #7

New issue
New issue
Open
Open
[CHORE] Update Axios >=0.21.1#7
@TheLoneRonin

Description

@TheLoneRonin
TheLoneRonin
opened on Jan 24, 2021

Description

  • Axios outdated and has a security vulnerability

Debug Log as shown here:

│ high          │ Server-Side Request Forgery                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ axios                                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in>=0.21.1                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ arweave-bundles                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ arweave-bundles > arweave > axios                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1594                        │

Solution

Can update the package.json and yarn.lock file with.

yarn add axios

And then republish as a new npm version.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions