-
Notifications
You must be signed in to change notification settings - Fork 233
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade axios dependency to latest verison #200
Comments
Hey @mikelax if you have the time, PRs are welcome, otherwise I will get to this on our next release 👍 |
@mikelax is there something you need from this axios |
@davidpatrick at first I thought it was related to a snyk cve, but after double checking I don't see anything, so it can be considered a general bump. I did notice that version |
@davidpatrick, #206 updates to Doing an
Should we update to |
I agree, as long as we are upgrading the lib might as well go to the latest version and fix the cve. |
This version fixes an SSRF vulnerability: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28168 The changelog since 0.20.0 seems reasonable: https://github.com/axios/axios/blob/a64050a6cfbcc708a55a7dc8030d85b1c78cdf38/CHANGELOG.md#0211-december-21-2020 Closes auth0#200.
This version fixes an SSRF vulnerability: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28168 The changelog since 0.20.0 seems reasonable: https://github.com/axios/axios/blob/a64050a6cfbcc708a55a7dc8030d85b1c78cdf38/CHANGELOG.md#0211-december-21-2020 Closes #200.
Describe the problem you'd like to have solved
The latest version of axios is currently
0.21.0
. This library should upgrade to the latest version of axios, assuming the plan is to stick with axios as opposed to switching to another library for making HTTP requests.Describe the ideal solution
Upgrade to axios version
0.21.0
The text was updated successfully, but these errors were encountered: