-
Notifications
You must be signed in to change notification settings - Fork 54
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
security vulnerability in axios SNYK-JS-AXIOS-6032459 #1096
Comments
looks like axios are on it axios/axios#6022 |
Hi @mishabruml! We've had issues bumping axios in the past, because its move to ESM was not working properly with our standalone binary. Also, the latest fix that was published by axios seems to be a breaking change: axios/axios#6028 (comment) From the maintainer of axios:
This is only a vulnerability when |
I can see the ESM issues and don't really like to fix such issues in projects of my company. |
This is now causing failures on all scans that use datadog plugins, when can we expect a fix for this? |
Hi, just a heads up: we are working on it, a PR is being reviewed. |
@Drarig29 thanks for this, could you re-open the issue until this is released? 😄 |
@mishabruml you can now use v2.23.1 |
Bug description
https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
Looks like it's not fixed at the moment in axios but I suppose it will be soon.
As an aside, the current version 0.21.4 used in this package is around 2 years old, is there any reason it couldn't be updated to the latest version 1.5.1? It would mean a major version change, there doesn't seem to be official breaking changes guide, there are some community ones though - see axios/axios#4996
Describe what you expected
No response
Steps to reproduce the issue
No response
Additional context
No response
Command
None
The text was updated successfully, but these errors were encountered: