fix(axios): updated axios version to fix critical vulnerability #1387
base: main
# Fixes #

- Updated axios version to fix critical vulnerability
This is an important fix needed, is there any reason the tests are not running?
No idea, let's see if some of the product developers can check this issue and check the problem with the tests
Hi there,
Can someone look at this error, doesn't look like an axios problem but with the test itself
Hi! I will be looking into this and include it in the next release
Hi @tiwarishubham635, when will the next release be?
This Thursday
Great, thanks!
@tiwarishubham635 will other packages that use the
Yes, since the changes are in the package version of axios, all the affected places will be modified. I hope that answers your query.
@tiwarishubham635 The current version of Axios only supports Node.js 12.x and above: Node.js 6 is no longer in Long Term Support and has security vulnerabilities. My recommendation would be to treat this as a breaking change, drop support for older unsupported Node.js versions, then bump the major version. You'll likely find that these tests for Node.js 7, 8, and 10 will also fail the same way - they were skipped because the test for 6 failed.
Yes, we have already identified this issue and are in the process of removing the older node versions. Once it is done, this PR will be merged
@tiwarishubham635 @shrutiburman "Thursday" is Not sure if it was last Thursday or this Thursday, but it looks like they did the old Node.js drop in #1390, so hopefully it will be merged soon.
Hi there,
Related PR: #1391
LGTM
@joserodriguezjll when you have a chance can you merge
What is the ETA to get this merged & released?
This is a pretty critical issue for us and many others - perhaps the sendgrid team might want to drive this forwards without waiting for an external contributor?
Na guys, main question is when will the npm package get updated? I think they already merged/fixed the issue in the GitHub repo, but have not updated the npm module, btw is this the correct npm module na? Because I am using this in my projects.
Let's gooooooooooooooooooooooooooooooooo.
Has anyone had success using 8.0.0? I am seeing an issue as described here #1391 (comment) - Also is there a reason Issues are disabled on this GitHub repo? I would like to raise this in the right place rather than in the comments section on several PRs.
Using it since the launch, never faced any issue till now mate.
I was thinking to shift from sendgrid soon, their service is getting poor, & new clients onboarding issue too.
This seems to be addressed in #1394, but three months to fix a vulnerability flagged as critical? Yikes.