New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SSRF vulnerability in axios version < 0.21.1 #299
Comments
We are on axios v0.21.1 in this library. |
@scottwittenburg if you want to create a new release in this repo, feel free and I'll publish it. |
Ah, sorry for the noise, I thought I had checked the version you were using. What would I do to create a new release? Thanks. |
Just go into |
Done in #300, thanks @zachmullen! |
Our project has a transitive dependency on
axios
via this project. A couple days ago, we started seeing high severity dependabot alert regarding axios versions< 0.21.1
.I can make a PR simply updating the version, but as a lot of folks have started moving to the latest version of
axios
, at least one report came in about some features maybe not working the same after moving from0.19
to0.21
. I have no idea whether this project would be affected by that, or if transition would be smooth.Here's the original
axios
issue, and a link to the more recent issue created after people started picking up the fix.Please let me know what I can do to help.
The text was updated successfully, but these errors were encountered: