Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

upgrade axios to v1.6.0 #104

Merged
merged 2 commits into from
Oct 29, 2023
Merged

upgrade axios to v1.6.0 #104

merged 2 commits into from
Oct 29, 2023

Conversation

gcagle3
Copy link
Contributor

@gcagle3 gcagle3 commented Oct 27, 2023

The version of axios currently used by logzio-nodejs, 0.27.2, is vulnerable to CVE 2023 45857. Snyk is flagging this as a high vulnerability: https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

Axios has patched this in version 1.6.0 as of yesterday.

Opening this PR to bump the axios version to resolve the security issue.

@gcagle3 gcagle3 mentioned this pull request Oct 27, 2023
@yotamloe yotamloe self-requested a review October 29, 2023 09:42
Copy link
Contributor

@yotamloe yotamloe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@gcagle3 Thanks for your contribution!

@yotamloe yotamloe merged commit c071b80 into logzio:master Oct 29, 2023
2 of 5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants