Open
Labels: P1 (Priority 1 item), dependencies (Pull requests that update a dependency file)
Description
Describe the bug
"durable-functions" 3.1.0: npm: durable-functions
This version forcibly restores "axios": "1.7.2" in a Node.js Azure Function.
Expected it to restore the latest version of "axios": "1.7.9" due to the "^" used in the versioning.
"^" is not playing the role of installing the latest Axios version in the Azure Function, but it works locally.
Required: Axios versions below "1.7.2" have a security vulnerability which is fixed in axios v1.7.4+
Link: GHSA-8hc4-vh64-cxmj
Query: Why is Axios downgraded to v1.6.1 in "durable-functions" v3.1.0?
Investigative information
- Durable Functions extension version: v3.1.0
- durable-functions npm module version:
- Language (JavaScript/TypeScript) and version: Typescript
- Node.js version: v22.13.1
If deployed to Azure App Service
Steps to reproduce the behavior:
- Create a sample Node js project
- Install durable-functions 3.1.0
- Check "SampleNodeJsProject\node_modules\durable-functions\package.json"
- Observe "axios": "^1.6.1" in "dependencies" section
- Development environment: VS Code
Regards,
Shivanand B. Yarnal
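An added example, not part of the issue or of the durable-functions project: a check of which axios version a lockfile actually resolves, set against the declared caret range and the fixed version 1.7.4 cited in the report. The lockfile contents are constructed sample data and the function names are hypothetical.

```javascript
// Added example: audit resolved axios copies in a package-lock.json ("packages" map, lockfile v2/v3).
// SAMPLE_LOCK is constructed sample data, not taken from a real deployment.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { "durable-functions": "3.1.0" } },
    "node_modules/durable-functions": {
      version: "3.1.0",
      dependencies: { axios: "^1.6.1" },
    },
    "node_modules/axios": { version: "1.7.2" },
  },
};

// Parse "x.y.z" into numeric parts (pre-release tags are not handled here).
const parse = (v) => v.split(".").map(Number);

// Comparator: negative if a < b, zero if equal, positive if a > b.
function compare(a, b) {
  const [pa, pb] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// Caret range for major >= 1: same major version, and at least the stated minimum.
function satisfiesCaret(version, range) {
  const min = range.replace(/^\^/, "");
  return parse(version)[0] === parse(min)[0] && compare(version, min) >= 0;
}

// List every installed copy of `name` (top-level or nested) and flag those below `fixedIn`.
function auditLock(lock, name, fixedIn) {
  const suffix = "node_modules/" + name;
  return Object.entries(lock.packages)
    .filter(([path]) => path === suffix || path.endsWith("/" + suffix))
    .map(([path, pkg]) => ({
      path,
      version: pkg.version,
      vulnerable: compare(pkg.version, fixedIn) < 0,
    }));
}

// "1.7.4" is the fixed version stated in the issue text.
const findings = auditLock(SAMPLE_LOCK, "axios", "1.7.4");
console.log(findings);
console.log(satisfiesCaret("1.7.2", "^1.6.1"), satisfiesCaret("1.7.9", "^1.6.1"));
```

Both 1.7.2 and 1.7.9 satisfy `^1.6.1`, so the range alone does not decide which one is installed; a copy flagged here can be raised with `npm update axios` or an `overrides` entry in the application's package.json.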