From 16ccb4effcd05a2a62bf50527278259590ef5f4c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?H=C3=A5kon=20L=C3=B8vdal?= Date: Thu, 9 Apr 2026 21:34:45 +0200 Subject: [PATCH] Update axios dependency (fixes GHSA-3p68-rc4w-qgx5) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit $ npm audit axios <1.15.0 Severity: critical Axios has a NO_PROXY Hostname Normalization Bypass Leads to SSRF - https://github.com/advisories/GHSA-3p68-rc4w-qgx5 fix available via `npm audit fix --force` Will install axios@1.15.0, which is outside the stated dependency range node_modules/axios --- package-lock.json | 8 ++++---- package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index cc8f8dd..9d5d151 100644 --- a/package-lock.json +++ b/package-lock.json @@ -10,7 +10,7 @@ "license": "Apache-2.0", "dependencies": { "ansi-colors": "4.1.3", - "axios": "1.14.0", + "axios": "1.15.0", "bcryptjs": "3.0.3", "cli-table": "0.3.11", "enquirer": "2.4.1", @@ -955,9 +955,9 @@ "license": "MIT" }, "node_modules/axios": { - "version": "1.14.0", - "resolved": "https://registry.npmjs.org/axios/-/axios-1.14.0.tgz", - "integrity": "sha512-3Y8yrqLSwjuzpXuZ0oIYZ/XGgLwUIBU3uLvbcpb0pidD9ctpShJd43KSlEEkVQg6DS0G9NKyzOvBfUtDKEyHvQ==", + "version": "1.15.0", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.15.0.tgz", + "integrity": "sha512-wWyJDlAatxk30ZJer+GeCWS209sA42X+N5jU2jy6oHTp7ufw8uzUTVFBX9+wTfAlhiJXGS0Bq7X6efruWjuK9Q==", "license": "MIT", "dependencies": { "follow-redirects": "^1.15.11", diff --git a/package.json b/package.json index b6c9ef0..0fd4f2f 100644 --- a/package.json +++ b/package.json @@ -29,7 +29,7 @@ }, "dependencies": { "ansi-colors": "4.1.3", - "axios": "1.14.0", + "axios": "1.15.0", "bcryptjs": "3.0.3", "cli-table": "0.3.11", "enquirer": "2.4.1",