-
-
Notifications
You must be signed in to change notification settings - Fork 180
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update axios dependency due to security vulnerability #369
Comments
Additional note, there are two paths
|
+1 |
4 similar comments
+1 |
+1 |
+1 |
+1 |
Fixed in bundlesize@0.18.1 |
Also fixed in https://github.com/siddharthkp/bundlesize2 |
1 task
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Do you want to request a feature or report a bug?
Report an outdated, vulnerable dependency.
What is the current behavior?
axios
is not updated to a fixed version for the following advisory ( https://www.npmjs.com/advisories/1594 ) asbundlesize
depends onaxios
^0.19.0
which prevents npm from updating the dependency to0.21.1
or higher.If the current behavior is a bug, please provide the steps to reproduce.
N/A
What is the expected behavior?
axios
dependency is updated to >=0.21.1 to depend on a version that fixes the following advisory: https://www.npmjs.com/advisories/1594If this is a feature request, what is motivation or use case for changing the behavior?
N/A
Please mention other relevant information.
N/A
The text was updated successfully, but these errors were encountered: