Commit

Bump version of axios to fix CVE-2024-28849 and others.
This CVE is associated with `follow-redirects`, which is brought in by `axios`, so bumping `axios` to version 1.7.5 brings in the updated version of `follow-redirects` (1.15.6) without the vulnerability. This also resolves [another CVE here](groupdocs-conversion-cloud#9).
schalkwijk committed Aug 28, 2024
1 parent 8c3adce commit c3d7de9
Showing 2 changed files with 11 additions and 10 deletions.
19 changes: 10 additions & 9 deletions package-lock.json

Some generated files are not rendered by default.

2 changes: 1 addition & 1 deletion package.json
Expand Up @@ -32,7 +32,7 @@
"build:package": "npm pack"
},
"dependencies": {
"axios": "1.6.2",
"axios": "1.7.5",
"form-data": "*",
"jsonwebtoken": "9.0.1",
"qs": "6.11.2"
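
Review bot: the changed line `"axios": "1.7.5"` only moves the direct dependency, while the package the commit message names as vulnerable, `follow-redirects`, is transitive, so the fix is carried entirely by what package-lock.json resolves, and that diff is not rendered on this page. Confirm the lockfile resolves `follow-redirects` to 1.15.6 or later (for example with `npm ls follow-redirects`), and consider an `overrides` entry for `follow-redirects` in package.json if a minimum version should hold regardless of what axios requests. Separately, in the unchanged context, `"form-data": "*"` accepts any version while the other dependencies are pinned exactly; a bounded range there would keep installs without the lockfile predictable.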
