Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[transactional-node] Bump axios to 1.3 #318

Closed
wants to merge 1 commit into from
Closed

[transactional-node] Bump axios to 1.3 #318

wants to merge 1 commit into from

Conversation

Naddiseo
Copy link

Description

Update the transactional-node dependency on axios to the latest version.

Known Issues

There doesn't seem to any known issues, or issues upgrading. The current usage of axios in the node-transactional package is limited to axios.post().then().catch() which doesn't seem to have changed between v0.2 and v1.3

@cla-bot
Copy link

cla-bot bot commented Nov 15, 2022

Contributor License Agreement Instructions
Thanks for your pull request. Before we can review your work, you’ll need to sign a Contributor License Agreement (CLA).

Please download the appropriate CLA below. Once downloaded, please read, sign, and send back to us at [email protected]. Please note, this account is not monitored so please visit https://mailchimp.com/contact/ if you need support.

Individual CLA: Mailchimp Individual CLA
Corporate CLA: Mailchimp Corporate CLA

Once you’ve emailed us the signed CLA, please reply here (e.g. CLA signed and sent!) and we’ll verify it.

What to do if you already signed the CLA
Individual signers
• If you’ve previously sent us a signed CLA, please reply here letting us know and we’ll verify. If we are unable to verify, It’s possible we don’t have your GitHub username or you’re using a different email address on your Git commit. Check that the CLA you previously submitted was sent to us using the email address associated with your GitHub username and verify that your email is set on your Git commits.
Corporate signers
• Your company has a Point of Contact (POC) who decides which employees are authorized to participate. Ask your POC to be added to the group of authorized contributors. If you’ve previously sent us an updated CLA, please reply here letting us know and we’ll verify.
• The email used to register you as an authorized contributor must be the email used for the Git commit.
• The email used to register you as an authorized contributor must also be attached to your GitHub account.

@zsabra
Copy link

zsabra commented Nov 25, 2022

Please prioritize merging this. There is a high severity vulnerability in axios 0.21.2 that would be nice for consumers of this library to avoid.

Might I suggest making it a peer dependency? If the usage is as limited in scope as you say, it would be nice to allow consumers of this library to override the version of Axios used. Then if a security vulnerability comes up, the consumer can force the mailchimp client to use a newer version (at their own risk)

@webkod3r
Copy link
Contributor

webkod3r commented Feb 9, 2024

Axios upgraded on this PR #349 and a new version was released as well

@webkod3r webkod3r closed this Feb 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Naddiseo @zsabra @webkod3r