-
Notifications
You must be signed in to change notification settings - Fork 28
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
axios 0.19 is vulnerable #116
Comments
@nothingismagick can you confirm which errors it is introducing and whether npq is affected by this? |
|
The thing is that 0.19 was rushed out the door without real testing and tons of beta / alpha quality code was shipped - which broke a number of interfaces. This has been widely known for about 6 months. |
I see. Is there any benefit then in pinning it down if it doesn't affect us? |
I don't know what your plans are - but my concern is that there may be other as yet undiscovered vulnerabilities lying in wait. 0.18.1 ONLY fixed the vulnerability about evil remotes not hanging up. |
I would leave as is unless we see something specific |
Okey dokey. |
Nonetheless, appreciate the heads up! |
The bug that 0.19 sought to resolve introduced other errors. You can continue to use it the way you are doing - but it's safer to pin to =0.18.1.
The text was updated successfully, but these errors were encountered: