chore(client): bump and pin axios to v1.13.5 by babu-ch · Pull Request #1453 · sendgrid/sendgrid-nodejs
Fixes
A short description of what this PR does.
Checklist
- I acknowledge that all my contributions will be made under the project's license
- I have made a material change to the repo (functionality, testing, spelling, grammar)
- I have read the Contribution Guidelines and my PR follows them
- I have titled the PR appropriately
- I have updated my branch with the main branch
- I have added tests that prove my fix is effective or that my feature works
- I have added the necessary documentation about the functionality in the appropriate .md file
- I have added inline documentation to the code I modified
If you have questions, please file a support ticket.
Would it be possible to lock the version of Axios?
We had 1.14 installed in a project because of Sendgrid/Client
axios/axios#10604
Lock axios to exact version to prevent auto-installing potentially compromised 1.14.x versions (see axios/axios#10604).
babu-ch changed the title from "chore(client): bump axios to v1.13.5" to "chore(client): bump and pin axios to v1.13.5"
Worth noting that axios 1.14.1 and 0.30.4 are the compromised versions, so staying away from those is the right call. However, the maintainers have already pulled them from the releases page, so it should be safe for SendGrid now.
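An added example, not part of this PR or the project's code: a Node.js check that reports lockfile entries for the two axios versions named in this thread, and any axios dependency declared with a range instead of an exact version. The sample lockfile and manifest are constructed, and the `packages` layout assumed is npm lockfileVersion 2/3.

```javascript
// Versions this thread names as compromised (taken from the page above).
const FLAGGED = new Map([["axios", new Set(["1.14.1", "0.30.4"])]]);

// True only for a single exact version such as "1.13.5" (no ^, ~, ranges or tags).
function isExactPin(spec) {
  return /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.test(spec.trim());
}

// Scan the "packages" map of an npm lockfile (lockfileVersion 2/3, assumed) and
// return every installed copy of a flagged package, including nested ones.
function findCompromised(lock, flagged = FLAGGED) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1) continue; // "" is the root project entry
    const name = meta.name || path.slice(idx + "node_modules/".length);
    const bad = flagged.get(name);
    if (bad && bad.has(meta.version)) hits.push({ name, version: meta.version, path });
  }
  return hits;
}

// Return flagged packages a manifest declares with a range; "^1.13.5" still
// admits 1.14.x, which an exact "1.13.5" does not.
function findFloating(pkg, flagged = FLAGGED) {
  const out = [];
  for (const field of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      if (flagged.has(name) && !isExactPin(spec)) out.push({ name, spec, field });
    }
  }
  return out;
}

// Constructed sample data (not from any real project).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "0.0.0" },
    "node_modules/axios": { version: "1.14.1" },
    "node_modules/example-dep/node_modules/axios": { version: "1.13.5" },
  },
};
const SAMPLE_MANIFEST = { dependencies: { axios: "^1.13.5" } };

console.log(findCompromised(SAMPLE_LOCK));
console.log(findFloating(SAMPLE_MANIFEST));
```

Run it against a parsed `package-lock.json` and `package.json`; a non-empty result from either function means the tree already holds a flagged version or can still float onto one.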