Upgrade axios to latest version #11987

Closed
1 task done
AuthorProxy opened this issue Sep 7, 2023 · 7 comments
Labels
Core Related to core Amplify issues feature-request Request a new feature

Comments

@AuthorProxy

AuthorProxy commented Sep 7, 2023

Is this related to a new or existing framework?

No response

Is this related to a new or existing API?

No response

Is this related to another service?

No response

Describe the feature you'd like to request

Upgrade axios to latest version

Describe the solution you'd like

Upgrade axios to latest version

Describe alternatives you've considered

Upgrade axios to latest version

Additional context

No response

Is this something that you'd be interested in working on?

  • 👋 I may be able to implement this feature request
@AuthorProxy AuthorProxy added the pending-triage Issue is pending triage label Sep 7, 2023
@nadetastic nadetastic added the feature-request Request a new feature label Sep 7, 2023
@cwomack cwomack added Core Related to core Amplify issues and removed pending-triage Issue is pending triage labels Sep 7, 2023
@nadetastic
Contributor

Hi @AuthorProxy thanks for opening this feature request. Updating the version of axios is something that we are discussing internally and will provide a follow up soon.

Also, I have re-added the additional fields from the issue template as well to match with other FR in our repo 😄

@AuthorProxy
Author

AuthorProxy commented Sep 8, 2023

> Hi @AuthorProxy thanks for opening this feature request. Updating the version of axios is something that we are discussing internally and will provide a follow up soon.
>
> Also, I have re-added the additional fields from the issue template as well to match with other FR in our repo 😄

If it is possible, please add the possibility to set up interceptors and set up defaults, and give access to the internal axios instance.

@milotoor

milotoor commented Oct 25, 2023

This feature request just gained a lot of urgency with this CSRF vulnerability report from Snyk. See the issue in axios's repo here and here. It's not clear to me that any version of axios does not suffer from this, so upgrading to v1 may or may not be helpful in this regard. But assuming a patch is incoming soon, an upgrade of some kind will be necessary from aws-amplify since version 0.26.0 is pinned in api-rest.

@milotoor

Axios has now patched the issue in v1.6.0

@nadetastic
Contributor

Hi @milotoor thank you for sharing this! - The team is currently working to address this and will provide some updates soon.

@nathfy

nathfy commented Oct 31, 2023

As a temporary workaround you can add:

```json
"overrides": {
  "axios": "^1.6.0"
},
"resolutions": {
  "axios": "^1.6.0"
},
```

to your package.json.

@elorzafe elorzafe closed this as completed Nov 7, 2023
@elorzafe elorzafe reopened this Nov 7, 2023
@cwomack cwomack closed this as completed Nov 21, 2023
@elorzafe elorzafe reopened this Nov 22, 2023
@cwomack cwomack closed this as completed Nov 22, 2023
@cwomack cwomack reopened this Nov 22, 2023
@cwomack
Contributor

cwomack commented Nov 22, 2023

Hello @AuthorProxy and @milotoor,

Thank you for reaching out regarding the Axios package flagged by your report. On November 6, 2023, Amplify published a new version of the aws-amplify package, version 5.3.12, which upgrades our Axios dependency from 0.26.0 to 1.6.0. We recommend that you upgrade to the latest version of aws-amplify to address this issue.

https://www.npmjs.com/package/aws-amplify/v/5.3.12

@cwomack cwomack closed this as completed Nov 22, 2023
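
To confirm that the `overrides` workaround or the aws-amplify upgrade discussed in this thread actually removed older axios copies, the following added example (not code from the thread or from the Amplify project) scans the `packages` map of an npm `package-lock.json` for any installed axios below 1.6.0. It assumes lockfileVersion 2 or 3; the function names and the two sample lockfile objects are constructed for illustration.

```javascript
// Minimum axios version carrying the fix, per the thread above.
const PATCHED = "1.6.0";

// Compare two plain x.y.z versions; prerelease/build suffixes are ignored,
// so "1.6.0-beta.1" is treated the same as "1.6.0".
function compareVersions(a, b) {
  const pa = a.split(/[-+]/)[0].split(".").map(Number);
  const pb = b.split(/[-+]/)[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

// Walk the "packages" map of a lockfileVersion 2/3 package-lock.json and
// return every installed copy of axios older than minVersion, including
// copies nested under another package's node_modules directory.
function findUnpatchedAxios(lock, minVersion = PATCHED) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!/(^|\/)node_modules\/axios$/.test(path)) continue; // skips axios-retry etc.
    if (!meta.version) continue; // linked/workspace entries carry no version
    if (compareVersions(meta.version, minVersion) < 0) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample: a hoisted patched axios plus a nested pinned copy.
const beforeOverride = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/axios": { version: "1.6.0" },
    "node_modules/@aws-amplify/api-rest/node_modules/axios": { version: "0.26.0" },
    "node_modules/axios-retry": { version: "3.8.0" },
  },
};

// Constructed sample: the same tree once every axios resolves to 1.6.0.
const afterOverride = {
  lockfileVersion: 3,
  packages: { "": { name: "demo-app" }, "node_modules/axios": { version: "1.6.0" } },
};

console.log(findUnpatchedAxios(beforeOverride), findUnpatchedAxios(afterOverride));
```

On a real project, pass the parsed contents of `package-lock.json` to `findUnpatchedAxios` and fail the build when the returned list is non-empty.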