security: require axios >= 1.6.4 due to vulnerability in follow-redir…

…ect <= 1.15.4
DeepLcom · Jan 26, 2024 · 21f41f1 · 21f41f1
1 parent 2b257df
commit 21f41f1
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 11 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,9 +5,12 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 
-## Unreleased
+## [Unreleased]
 ### Fixed
 * Dependencies: Update `follow-redirects` due to security vulnerability
+### Security
+* Increase `axios` requirement to `^1.6.4` to avoid 
+  [vulnerability in follow-redirects <1.15.4](https://github.com/advisories/GHSA-jchw-25xp-jwwc)
 
 
 ## [1.11.0] - 2023-11-03

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -20,7 +20,7 @@
     ],
     "dependencies": {
         "@types/node": ">=12.0",
-        "axios": ">=0.21.2 <1.2.0 || >=1.2.2",
+        "axios": "^1.6.4",
         "form-data": "^3.0.0",
         "loglevel": ">=1.6.2"
     },