Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

upgrade axios to ^1.6.4 #534

Closed
2 tasks
nishikawa2410 opened this issue Feb 14, 2024 · 1 comment · Fixed by #535
Closed
2 tasks

upgrade axios to ^1.6.4 #534

nishikawa2410 opened this issue Feb 14, 2024 · 1 comment · Fixed by #535
Labels
feature-request A feature should be added or improved. p1 This is a high priority issue pending-release This issue will be fixed by an approved PR that hasn't been released yet.

Comments

@nishikawa2410
Copy link

Describe the feature

Please upgrade to 1.6.4 or higher version.

Use Case

axios in 1.6.0 is vulnerable to Prototype Pollution via the formDataToJSON function.
The vulnerability is reported in the following pages.
https://security.snyk.io/vuln/SNYK-JS-AXIOS-6144788

Proposed Solution

No response

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change
@nishikawa2410 nishikawa2410 added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Feb 14, 2024
@jmklix jmklix mentioned this issue Feb 14, 2024
Merged
@jmklix
Copy link
Member

jmklix commented Feb 14, 2024

Thanks for pointing this out. Testing this PR

@jmklix jmklix added pending-release This issue will be fixed by an approved PR that hasn't been released yet. p1 This is a high priority issue and removed needs-triage This issue or PR still needs to be triaged. labels Feb 14, 2024
@jmklix jmklix linked a pull request Feb 14, 2024 that will close this issue
update axios version #535
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature-request A feature should be added or improved. p1 This is a high priority issue pending-release This issue will be fixed by an approved PR that hasn't been released yet.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

update axios version awslabs/aws-crt-nodejs
2 participants
@jmklix @nishikawa2410