update axios version #1229
Can you please eliminate the spaces (indentation) so it is easier to see what the changes are?
@@ -19,7 +19,7 @@ | |||
"xml-crypto": "^3.0.0" | |||
}, | |||
"peerDependencies": { | |||
"axios": "^0.27.2" | |||
"axios": ">=1.5.0" |
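Review bot: The new "axios" peer dependency range ">=1.5.0" has no upper bound, so it also accepts any future major release (2.x and later) that this package has never been tested against. Consider "^1.5.0", which keeps the same floor while staying within the 1.x line, and widen it once a new major has been verified. Moving the floor up from "^0.27.2" also drops consumers still on 0.27, so it should be called out as a breaking change in the release notes.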
Still not sure why this is a peer dependency. This module CAN NOT function without axios, it clearly is a dependency, lol
That point is no longer valid. This package can easily state that it directly depends on axios >= 1.5.0.
In my project I would be able to use any axios version that satisfies the constraint.
Any news about this? Can we merge this?
Any update? Can this be merged?
Bump
@jsdevel +1
We would also appreciate the PR merge 👍 as there is a known vulnerability for the axios version that is in use. See GitHub's advisory: GHSA-wf5p-g6vw-rhxx
This dependency vulnerability is a show stopper for our app, without being able to update axios our app won't pass its pipeline vulnerability scans.
This PR with essentially the same goal has been open for almost one year: #1212 (has also been kept up to date). I think this project is dead and needs to be forked.
Is there already a fork of this repo that is updated?
Any update? Can this be merged?
Why did the developers decide to stop at 999 commits? Because they got tired of counting and thought it would be more impressive to start the next thousand with a fresh cup of coffee! 😃
Please can this get approved. It's the only package left in my project that has a dependency on this old version of axios, all other packages have updated.
Can you release it?
Bump. Can this please get merged and released?
Same here, still waiting for this to be merged and released 👍
Bump!
Please merge it ❤️
Bump!
This really needs to be merged since older axios versions have vulnerabilities.
Bump!
Guys, it is probably better to use another lib, since the author does not seem to be active and probably does not care. If a vulnerability is discovered tomorrow, we can't wait for the author to merge the fix in 3 months. This lib should be marked as deprecated or inactive. Maybe we should ask NPM to pressure them if they want to keep their package active.
@Dragonox77, could you suggest any other lib that we can use here?
https://www.npmjs.com/package/strong-soap (updated 7 days ago)
I agree with @Dragonox77, we are moving to another library.
Thank you for merging, @vpulim! 👍 Looking forward to the release.
@vpulim Any update on the release please?
Hi All, I will be helping to maintain this project for some time, discussing details with @vpulim atm. Hopefully I will release this soon.
No description provided.