Update axios version. CORS Vulnerability

Question

Update axios version. CORS Vulnerability

RyanGSampson opened this issue 8 months ago · comments

RyanGSampson commented 8 months ago

Versions:

@inertiajs/core version: #.#.#
@inertiajs/vue2 version: #.#.#
@inertiajs/vue3 version: #.#.#
@inertiajs/react version: #.#.#
@inertiajs/svelte version: #.#.#

Describe the problem:

Ineria core running on axios 1.2.0
Please update to 1.6.5

Steps to reproduce:

run npm audit

npm audit report

axios 0.8.1 - 1.5.1
Severity: moderate
Axios Cross-Site Request Forgery Vulnerability - GHSA-wf5p-g6vw-rhxx
No fix available
node_modules/@inertiajs/inertia/node_modules/axios
@inertiajs/inertia *
Depends on vulnerable versions of axios
node_modules/@inertiajs/inertia
@inertiajs/inertia-vue3 *
Depends on vulnerable versions of @inertiajs/inertia
node_modules/@inertiajs/inertia-vue3

3 moderate severity vulnerabilities

Some issues need review, and may require choosing
a different dependency.

Vitalie · Answer 1 · Mon Jan 22 2024 15:19:48 GMT+0800 (China Standard Time)

@reinink any future updates on this??

Sheng Slogar · Answer 2 · Tue Feb 27 2024 03:49:37 GMT+0800 (China Standard Time)

Should be addressed by #1723

Jonathan Reinink · Answer 3 · Tue Feb 27 2024 04:06:39 GMT+0800 (China Standard Time)

Yep, thanks @shengslogar — this one has been fixed in #1723 👍