Skip to content

v1.3.2 — axios security upgrade

Choose a tag to compare

View all tags
@makowskid makowskid released this 30 May 02:47
· 1 commit to master since this release
v1.3.2
ddb284b

Security

Upgrade axios 1.14.01.16.1 to remediate the Snyk/GitHub-reported vulnerabilities in the transitive axios dependency, including:

  • Prototype Pollution (CWE-1321, CVSS 9.1)
  • HTTP Response Splitting / CRLF Injection (CWE-113)
  • Uncontrolled Recursion (CWE-674)
  • SSRF, Confused Deputy, and improper output encoding

All flagged issues are fixed by axios >= 1.15.2; 1.16.1 includes those plus later patches. Pulls in follow-redirects@1.16.0 and https-proxy-agent@5.0.1.

Maintenance

  • Realigned the package-lock.json version field (had drifted at 1.3.0).

Verification

  • npm audit --omit=dev0 vulnerabilities
  • Test suite: 42/42 passing

No source/API changes — drop-in upgrade.

Assets 2
Loading