Updating follow-redirects to version 1.14.7 #4379
Conversation
|
This line of code, I believe, will use the most recent patch version when installing. "follow-redirects": "^1.14.4"As a result, when you try to install Axios, it will resolve to |
Hey, yes this works! Thanks for your comment. Is necessary to keep this PR just to update this library? |
|
You can use resolutions in your package.json "resolutions": {
"axios/follow-redirects": "^1.14.4"
}Then you can upgrade it with yarn with |
|
Cool thanks, I know you can do the resolutions and that it should install the latest, but I will still accept this PR as cutting a new release on axios will cause things like dependabot to send out notices to update, release should be out tonight :) |
|
Thanks for fixing this. Any idea on when it will be released? |
|
This was more for other people that came across this and needed a fast solution due to security concerns from SNYK. |
|
Hi @gussalesdev and team, Thanks for fixing this. |
Will be in the next few hours |
|
Thanks for the quick fix everyone! |
Seems like the release hasn't happened yet |
|
Any update on the release? We've had to point to the specific commit with the fix in it to unblock our pipeline at the moment. |
|
Any update ? Need to fix some modules on a big amount of servers .. 😅 |
|
Released 🎉 |
ghost
mentioned this pull request
Co-authored-by: Gustavo Sales <gustavo@blastradius.ai>
I notice the current version of
axios@0.24.0is using thefollow-redirects@1.14.6and recently was discovered a security vulnerability that was fixed onfollow-redirects@1.14.7.The overview of error is:
Here is the from
follow-redirectscommit with the fix that is currently on version1.14.7: follow-redirects/follow-redirects@8b347cb.