unpin and upgrade `axios` version
micalevisk opened this issue
Micael Levi L. Cavalcante commented
Hi! Thank you for this lib!
I was wondering why you fixed the version of the axios dependency. Why not use the semver range `^0.21.1` instead? (or even `^0.24.0`)
nestjs-http-promise/package.json
Line 21 in 1502ac3
Also, `npm audit` reports this vulnerability of `axios@0.21.1`:

```
axios <=0.21.1
Severity: high
Incorrect Comparison in axios - https://github.com/advisories/GHSA-cph5-m8f7-6c5x
No fix available
node_modules/nestjs-http-promise/node_modules/axios
nestjs-http-promise *
Depends on vulnerable versions of axios
node_modules/nestjs-http-promise
```
benhason1 commented
Hi, thanks for the feedback!
No reason why I didn’t use the semver range of ^0.21.0; version 0.24.0 wasn’t released when this package was.
A new version with those fixes will be released in the next couple of hours so stay tuned!
benhason1 commented
A new version with those updates has been released 😄
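
Why the audit above says "No fix available" for an exact pin but not for a caret range, as an added example that is not part of the thread or of the project's code. It implements only exact pins and npm's caret rule for plain `x.y.z` versions; the `PUBLISHED` list is a constructed sample, not a registry query, and the helper names are hypothetical.

```javascript
// Added example: minimal semver logic for exact pins and caret ranges only
// (no pre-release tags, no other range operators).
const parse = (v) => v.split('.').map(Number);

const cmp = (a, b) => {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  return 0;
};

// npm caret rule: only components to the right of the left-most non-zero
// component may change, so ^0.21.1 means >=0.21.1 <0.22.0.
function satisfies(version, range) {
  if (!range.startsWith('^')) return cmp(version, range) === 0; // exact pin
  const base = range.slice(1);
  const [maj, min, pat] = parse(base);
  const upper = maj > 0 ? `${maj + 1}.0.0`
    : min > 0 ? `0.${min + 1}.0`
    : `0.0.${pat + 1}`;
  return cmp(version, base) >= 0 && cmp(version, upper) < 0;
}

// Advisory range taken from the audit output in the issue: axios <=0.21.1
const VULNERABLE_MAX = '0.21.1';
const isVulnerable = (v) => cmp(v, VULNERABLE_MAX) <= 0;

// Constructed sample of axios versions (assumption, not fetched from npm).
const PUBLISHED = ['0.21.0', '0.21.1', '0.21.2', '0.21.4', '0.22.0', '0.24.0'];

// Versions an install could resolve to that fall outside the advisory range.
function fixCandidates(range, published = PUBLISHED) {
  return published.filter((v) => satisfies(v, range) && !isVulnerable(v));
}

function report(range) {
  const ok = fixCandidates(range);
  return ok.length
    ? `${range}: fix available via ${ok.join(', ')}`
    : `${range}: no fix available`;
}

// The pin from the issue, then the two ranges it proposes.
for (const r of ['0.21.1', '^0.21.1', '^0.24.0']) console.log(report(r));
```

With the exact pin, every version that satisfies the dependency is inside the advisory range, so a consumer cannot resolve the finding without an override or a new release of the parent package.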