Update Axios Version To 0.21.4 #1294

LuisOsta · 2021-09-04T21:21:10Z

Recently axios released a new version 0.21.2 that patched the security issue described here.

Currently
Since the SendGrid client uses the old version of axios, it will doesn't have the patch fix. You can see the version it specifies here

eshanholtz · 2021-09-07T19:09:33Z

This issue has been added to our internal backlog to be prioritized. Pull requests and +1s on the issue summary will help it move up the backlog.

LuisOsta · 2021-09-07T23:02:51Z

@eshanholtz Thanks for the quick reply! I've gone ahead and made the PR necessary to fix this issue.

It actually turns out that the necessary fix version is 0.21.4

LuisOsta · 2021-09-07T23:03:54Z

LuisOsta · 2021-09-09T12:56:17Z

Just an update that the PR is ready and approved but just hasn't been merged in yet. In case anyone is following this thread

LuisOsta changed the title ~~Update Axios Version With Security Patch~~ Update Axios Version To 0.21.2 Sep 4, 2021

eshanholtz added status: help wanted requesting help from the community type: security known security issue labels Sep 7, 2021

LuisOsta mentioned this issue Sep 7, 2021

chore: Bump Axios to 0.21.4 to fix ReDoS #1296

Merged

8 tasks

LuisOsta changed the title ~~Update Axios Version To 0.21.2~~ Update Axios Version To 0.21.4 Sep 7, 2021

shwetha-manvinkurke closed this as completed Sep 9, 2021

Provide feedback