update axios version #1229
update axios version #1229
Conversation
| @@ -19,7 +19,7 @@ | |||
| "xml-crypto": "^3.0.0" | |||
| }, | |||
| "peerDependencies": { | |||
| "axios": "^0.27.2" | |||
| "axios": ">=1.5.0" | |||
There was a problem hiding this comment.
Still not sure why this is a peer dependency. This module CAN NOT function without axios, it clearly is a dependency, lol
There was a problem hiding this comment.
That point is no longer valid. this package can easily state that it directly depends on axios >= 1.5.0
In my project I would be able to use any axios version that satisfies the constraint
|
Any update? can this be merged? |
|
Bump |
|
@jsdevel +1 |
|
We would also appreciate the PR merge 👍 as there is a known vulnerability for the axios version that is in use. See GitHub's advisory: GHSA-wf5p-g6vw-rhxx |
|
This dependency vulnerability is a show stopper for our app, without being able to update axios our app won't pass it's pipeline vulnerability scans. |
|
This PR with essentialy the same goal is open for almost one year: #1212 (has also been kept up to date). I think this project is dead and needs to be forked. |
|
Is there already a fork of this repo that is updated? |
|
Any update? can this be merged? |
|
Why did the developers decide to stop at 999 commits? Because they got tired of counting and thought it would be more impressive to start the next thousand with a fresh cup of coffee! 😃 |
|
Please can this get approved. It's the only package left in my project that has a dependancy on this old version of axios, all other packages have updated |
|
Can you release it ? |
|
Bump. Can this please get merged and released. |
|
Same here still waiting for this to be merged and released 👍 |
|
Bump! |
|
Please merge it ❤️ |
|
Bump! |
|
This really needs to be merged since older axios versions are having vulnerabilities. |
|
Bump! |
|
Guys, it is probably better to use another lib, since the author do not seems to be active and probably do not care. If a vulnerability is discovered tomorrow, we can't wait for the author to merge the fix in 3 months. This lib should be marked as deprecated or inactive. Maybe we should ask NPM to pressure them if they want to keep their package active. |
|
@Dragonox77, could you suggest any other lib that we can use here? |
https://www.npmjs.com/package/strong-soap (updated 7 days ago) |
|
I agree with @Dragonox77, we are moving to another library. |
|
Thank you for merging, @vpulim ! 👍 Looking forward to the release. |
|
@vpulim Any update on the release please? |
|
Hi All, I will be helping to maintain this project for some time, discussing details with @vpulim atm. Hopefully I will release this soon. |
No description provided.