Security - Update @sendgrid/mail dependency on axios to support patched versions for security

**Describe the problem**
The package @sendgrid/mail depends on axios < 1.12.0, which is currently vulnerable to a DoS attack via unbounded memory allocation (see CVE/CVSS details and summary: https://github.com/advisories/GHSA-4hjh-wcwx-xvwj).

**Security Impact**
Projects using @sendgrid/mail cannot upgrade axios past 1.11.0, leaving them exposed to a known vulnerability. The issue is fixed in axios version 1.12.0 and above.

**Suggested fix**
Please update the @sendgrid/mail dependency to allow axios >= 1.12.0. This will allow downstream projects to patch this security issue.

**References**
- Axios vulnerability summary: https://github.com/advisories/GHSA-4hjh-wcwx-xvwj

Thank you!

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Security - Update @sendgrid/mail dependency on axios to support patched versions for security #1446

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Security - Update @sendgrid/mail dependency on axios to support patched versions for security #1446

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions