siddharthkp/bundlesize

Update axios dependency due to security vulnerability

sceee opened this issue · 8 comments

sceee commented

Do you want to request a feature or report a bug?
Report an outdated, vulnerable dependency.

What is the current behavior?
axios is not updated to a fixed version for the following advisory (https://www.npmjs.com/advisories/1594), as bundlesize depends on axios ^0.19.0, which prevents npm from updating the dependency to 0.21.1 or higher.

If the current behavior is a bug, please provide the steps to reproduce.
N/A

What is the expected behavior?
axios dependency is updated to >=0.21.1 to depend on a version that fixes the following advisory: https://www.npmjs.com/advisories/1594

If this is a feature request, what is the motivation or use case for changing the behavior?
N/A

Please mention other relevant information.
N/A

sceee commented

Additional note: there are two paths by which bundlesize pulls in axios, one direct and one transient:

  • bundlesize > axios
  • bundlesize > github-build > axios

Fixed in bundlesize@0.18.1
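As an added illustration (not code from bundlesize or from the issue author): a minimal caret-range checker showing why a `^0.19.0` range can never resolve to axios 0.21.1, plus a walk over a constructed dependency tree containing the two paths listed above. The `github-build` range and the `resolved` versions in the tree are made up for the demo; in a real project use the `semver` package rather than this hand-rolled parser.

```javascript
// Strip the leading caret and split "major.minor.patch" into numbers.
function parseVersion(v) {
  const [major, minor, patch] = v.replace(/^\^/, "").split(".").map(Number);
  return { major, minor, patch };
}

// Numeric comparison, most significant component first.
function compare(a, b) {
  for (const k of ["major", "minor", "patch"]) {
    if (a[k] !== b[k]) return a[k] - b[k];
  }
  return 0;
}

// npm caret semantics: allow changes that keep the leftmost non-zero
// component fixed. ^1.2.3 => >=1.2.3 <2.0.0, ^0.19.0 => >=0.19.0 <0.20.0,
// ^0.0.3 => >=0.0.3 <0.0.4. Pre-1.0 caret ranges are therefore very narrow.
function caretSatisfies(range, version) {
  if (!range.startsWith("^")) throw new Error("only caret ranges supported");
  const lo = parseVersion(range);
  const v = parseVersion(version);
  let hi;
  if (lo.major > 0) hi = { major: lo.major + 1, minor: 0, patch: 0 };
  else if (lo.minor > 0) hi = { major: 0, minor: lo.minor + 1, patch: 0 };
  else hi = { major: 0, minor: 0, patch: lo.patch + 1 };
  return compare(v, lo) >= 0 && compare(v, hi) < 0;
}

// Constructed dependency tree with the two paths named in the issue
// (github-build's range and all "resolved" values are made up for the demo).
const tree = { name: "bundlesize", dependencies: {
  axios: { range: "^0.19.0", resolved: "0.19.2" },
  "github-build": { range: "^1.0.0", resolved: "1.0.0",
    dependencies: { axios: { range: "^0.19.0", resolved: "0.19.2" } } } } };

// Walk the tree and list every path whose declared range blocks the fix.
function findBlockedPaths(node, pkg, fixed, path = [node.name], out = []) {
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const here = [...path, name];
    if (name === pkg && !caretSatisfies(dep.range, fixed)) {
      out.push(`${here.join(" > ")}: ${dep.range} cannot reach ${fixed}`);
    }
    findBlockedPaths({ name, ...dep }, pkg, fixed, here, out);
  }
  return out;
}

console.log(findBlockedPaths(tree, "axios", "0.21.1").join("\n"));
```

Both paths are reported as blocked, which is why bumping only the direct dependency would not have been enough: the nested `github-build > axios` range had to move as well.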