Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

axios 0.17.1 , 0.18.0 is showing a minor security issue #3354

Closed
yashwanthkumarsuruneni opened this issue May 28, 2019 · 4 comments
Closed

axios 0.17.1 , 0.18.0 is showing a minor security issue #3354

yashwanthkumarsuruneni opened this issue May 28, 2019 · 4 comments
Assignees
@elorzafe
Labels
Security Issues related to security concerns to-be-reproduced Used in order for Amplify to reproduce said issue

Comments

@yashwanthkumarsuruneni
Copy link

yashwanthkumarsuruneni commented May 28, 2019
edited

Describe the bug
Running the snyk scan on my project

To Reproduce
Steps to reproduce the behavior:

  1. Run the snyk scan on your node_modules

Expected behavior
The scan shouldn't show any security vulnerabilities

Screenshots

Screen Shot 2019-05-28 at 9 42 57 AM
@yashwanthkumarsuruneni yashwanthkumarsuruneni changed the title axios 0.17.1 is showing a minor security issue axios 0.17.1 , 0.18.0 is showing a minor security issue May 28, 2019
@manueliglesias
Copy link
Contributor

Hi @yashwanthkumarsuruneni

Thanks for bringing this to our attention.

I see the issue has been reported (axios/axios#1098) in the axios repo and a fix has been merged to master.

For now, we need to wait for it to be released and then adjust our dependency if needed.

@manueliglesias manueliglesias added enhancement Security Issues related to security concerns to-be-reproduced Used in order for Amplify to reproduce said issue labels May 28, 2019
@rowanu
Copy link

rowanu commented May 30, 2019

Great to see you guys across this 😄

Very keen to see this dependency updated when possible, because Security.

@jessedoyle
Copy link
Contributor

jessedoyle commented May 30, 2019
edited

Hi @manueliglesias - It looks like version 0.19.0 of axios has been released: https://github.com/axios/axios/releases/tag/v0.19.0. Just FYI!

Edit:

In the future what do you think about relaxing the restriction on axios?

Because the definition uses the caret operator and that the dependency is pre 1.0.0, npm won't allow upgrading to the next minor version to respect semantic versioning.

@elorzafe elorzafe mentioned this issue May 31, 2019
Merged
@github-actions
Copy link

This issue has been automatically locked since there hasn't been any recent activity after it was closed. Please open a new issue for related bugs.

Looking for a help forum? We recommend joining the Amplify Community Discord server *-help channels or Discussions for those types of questions.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 12, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@elorzafe elorzafe

Labels
Security Issues related to security concerns to-be-reproduced Used in order for Amplify to reproduce said issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@rowanu @manueliglesias @jessedoyle @yashwanthkumarsuruneni @elorzafe