Skip to content
This repository has been archived by the owner on Feb 13, 2024. It is now read-only.

Update axios to 1.6.0 to make it possible to get a security fix #374

Open
stefreak opened this issue Nov 13, 2023 · 2 comments
Open

Update axios to 1.6.0 to make it possible to get a security fix #374

stefreak opened this issue Nov 13, 2023 · 2 comments

Comments

@stefreak
Copy link

I get the following error in Dependabot to resolve a security alert for axios:

Axios Cross-Site Request Forgery Vulnerability

Dependabot cannot update axios to a non-vulnerable version
The latest possible version that can be installed is 0.27.2 because of the following conflicting dependencies:

analytics-node@6.2.0 requires axios@^0.27.2
The lockfile might be out of sync?
The earliest fixed version is 1.6.0.
@stefreak stefreak changed the title Update axios to make it possible to get a security fix Update axios to 1.6.0 to make it possible to get a security fix Nov 13, 2023
@stefreak
Copy link
Author

Ah, I just saw that this package is deprecated. Will try switching to https://github.com/segmentio/analytics-next/tree/master/packages/node

@wf-ankit
Copy link

wf-ankit commented Jan 9, 2024

@stefreak Thanks for maintaining this package. Any word on when we can expect the update?

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@stefreak @wf-ankit