Exclude axios 1.2.0

It has a pretty bad bug (axios/axios#5328) where it will fail to decode responses that don’t have a Content-Length response header set; a fix is already committed, but not yet released. npm semver doesn’t have a syntax to exclude a specific version, but we can simulate it by combining two ranges. (It’s not clear whether the next axios release will be 1.2.1 or 1.3.0, but ^1.2.1 should match either.)
lucaswerkmeister · Dec 4, 2022 · 7f465e8 · 7f465e8
1 parent abf2600
commit 7f465e8
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 2 deletions.
diff --git a/CHANGES.md b/CHANGES.md
@@ -26,6 +26,7 @@ but this file may sometimes contain later improvements (e.g. typo fixes).
   when using the default `errorformat` on current MediaWiki versions;
   this has been fixed.
   (It’s still a good idea to set a non-`bc` error format in general.)
+- Exclude axios 1.2.0, which should not be used due to a bug.
 
 ## v0.7.1 (2022-11-12)
 

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -29,7 +29,7 @@
 		"node": "^12.22.0 || >=14.17.0"
 	},
 	"dependencies": {
-		"axios": "^1.1.3",
+		"axios": "^1.1.3 <1.2.0 || ^1.2.1",
 		"http-cookie-agent": "^1.0.6",
 		"tough-cookie": "^4.1.2"
 	},