Axios dependency has vulnerability

[bj00rn]

Do you want to request a feature or report a bug?

BUG

What is the current behavior?

If the current behavior is a bug, please provide the steps to reproduce.

What is the expected behavior?

If this is a feature request, what is motivation or use case for changing the behavior?

Please mention other relevant information.

• node version: 10x
• Operating system
• bundlesize version: 0.18.1

[siddharthkp]

PR welcome!

[bj00rn]

@siddharthkp lot's of open PRs here though, is this being maintained?

also dependencybot will do a good job at keeping up with these things, maybe enable it?

[siddharthkp]

lot's of open PRs here though, is this being maintained?

sometimes, for moments like these

[bj00rn]

did #381

tests are failing locally though, no idea why, does not seem related to axios

also I noticed github-builder is in dependencies and depends on axios. Needs fixing or move to devDependencies if not used

[siddharthkp]

github-build is definitely used :)

[poojagunturu96]

I submitted a PR for this as well #382, based off of @bj00rn's PR. I also updated github-build as it was also dependent on axios. Local tests were passing.

[ruZZintl]

lot's of open PRs here though, is this being maintained?

sometimes, for moments like these

Please update these dependencies due to vulnerabilities. Thanks.

[palashmon]

Fixed in PR #382