analytics-node icon indicating copy to clipboard operation
analytics-node copied to clipboard
verified publisher icon segmentio

Update axios to `1.6.0` to make it possible to get a security fix

Open stefreak opened this issue 2 years ago • 2 comments

I get the following error in Dependabot to resolve a security alert for axios:

Axios Cross-Site Request Forgery Vulnerability

Dependabot cannot update axios to a non-vulnerable version
The latest possible version that can be installed is 0.27.2 because of the following conflicting dependencies:

[email protected] requires axios@^0.27.2
The lockfile might be out of sync?
The earliest fixed version is 1.6.0.

stefreak avatar Nov 13 '23 16:11 stefreak

Ah, I just saw that this package is deprecated. Will try switching to https://github.com/segmentio/analytics-next/tree/master/packages/node

stefreak avatar Nov 13 '23 16:11 stefreak

@stefreak Thanks for maintaining this package. Any word on when we can expect the update?

wf-ankit avatar Jan 09 '24 20:01 wf-ankit