Skip to content

Update axios dependency (fixes GHSA-3p68-rc4w-qgx5)#58

Open
hlovdal wants to merge 1 commit intonode-red:masterfrom
hlovdal:deps
Open

Update axios dependency (fixes GHSA-3p68-rc4w-qgx5)#58
hlovdal wants to merge 1 commit intonode-red:masterfrom
hlovdal:deps

Conversation

@hlovdal
Copy link
Copy Markdown
Contributor

@hlovdal hlovdal commented Apr 9, 2026

The only kind of potential breaking issue mentioned in the release note was deprecation of url.parse which I did not find any usage of here.

All tests still pass after updating.

@hlovdal
Update axios dependency (fixes GHSA-3p68-rc4w-qgx5)
16ccb4e 
$ npm audit

axios  <1.15.0
Severity: critical
Axios has a NO_PROXY Hostname Normalization Bypass Leads to SSRF - GHSA-3p68-rc4w-qgx5
fix available via `npm audit fix --force`
Will install axios@1.15.0, which is outside the stated dependency range
node_modules/axios
@coveralls
Copy link
Copy Markdown

coveralls commented Apr 9, 2026

Coverage Status

coverage: 81.27%. remained the same — hlovdal:deps into node-red:master

hlovdal added a commit to hlovdal/hlovdal-node-red-lowercase-in-typescript that referenced this pull request Apr 9, 2026
@hlovdal
Temporary override axios
62b660f 
No upstream issue yet for wait-on, last update at
https://github.com/jeffbski/wait-on/pull/192/changes.

Upstream node-red-admin issue,
node-red/node-red-admin#58.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@hlovdal @coveralls