
Axios and Tar dependency libraries have vulnerabilities causing security issues #23309

Answered by jaysoo
Sujietha asked this question in Questions

Both tar and follow-redirects (the axios vulnerability) are deps of deps, so we don't have control over their versions. I recommend you open issues against those projects instead. This isn't something we can handle on our end.

Run `npm why tar` and `npm why follow-redirects` (or the pnpm/yarn equivalent) to see what packages are using them.

For your own repo, you can use `overrides` or `resolutions` in your `package.json` file (depending on your package manager) to force the patched versions of affected packages.
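The two steps in the answer above, finding every installed copy of a transitive dependency and then forcing a patched version, are easy to get wrong: an override only helps if every nested copy in the lockfile ends up at or above the fixed version. The script below is an added example, not code from the Nx project or the discussion participants. It walks the `packages` map of an npm v7+ `package-lock.json` (a constructed fragment is embedded inline), flags every copy of `tar` and `follow-redirects` below a minimum version, and prints the `package.json` fragment that pins them for npm (`overrides`), Yarn classic (`resolutions`) and pnpm (`pnpm.overrides`). The version thresholds in `MIN_VERSIONS` are placeholders, not taken from the page or from any advisory; substitute the fixed versions from the advisories you are remediating.

```javascript
// Added example (not from the Nx discussion): audit a package-lock.json for
// transitive copies of packages that must meet a minimum version, and emit
// the matching override entries for npm, Yarn classic and pnpm.

// Assumed thresholds for illustration only; take the real fixed versions
// from the advisory for each package.
const MIN_VERSIONS = {
  tar: "6.1.11",
  "follow-redirects": "1.14.8",
};

// Constructed lockfile fragment in the npm v7+ (lockfileVersion 2/3) shape:
// every installed copy is keyed by its path under node_modules, so nested
// duplicates such as some-cli's own copy of tar show up as separate entries.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-app", version: "1.0.0" },
    "node_modules/tar": { version: "6.1.11" },
    "node_modules/some-cli/node_modules/tar": { version: "4.4.13" },
    "node_modules/axios": { version: "0.21.1" },
    "node_modules/axios/node_modules/follow-redirects": { version: "1.14.7" },
    "node_modules/follow-redirects": { version: "1.14.9" },
  },
};

// Parse "MAJOR.MINOR.PATCH" into numbers; a trailing pre-release tag is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Comparator result: negative if a < b, zero if equal, positive if a > b.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Every installed copy of `name`, root-level or nested, with its lockfile path.
function findInstalled(lock, name) {
  const suffix = `node_modules/${name}`;
  return Object.entries(lock.packages)
    .filter(([p]) => p === suffix || p.endsWith(`/${suffix}`))
    .map(([p, entry]) => ({ path: p, version: entry.version }));
}

// Per package: each installed copy flagged ok/not ok against its minimum.
function auditLock(lock, minimums) {
  const report = {};
  for (const [name, min] of Object.entries(minimums)) {
    report[name] = findInstalled(lock, name).map((copy) => ({
      ...copy,
      ok: compareVersions(copy.version, min) >= 0,
    }));
  }
  return report;
}

// Flatten the report down to the copies that still need fixing.
function vulnerableCopies(report) {
  return Object.values(report).flat().filter((copy) => !copy.ok);
}

// package.json fragments pinning the minimums. Which key applies depends on
// the package manager: "overrides" (npm 8.3+), "resolutions" (Yarn classic),
// "pnpm.overrides" (pnpm). Exact pins are used so the result is unambiguous.
function buildOverrides(minimums) {
  const pinned = { ...minimums };
  return {
    npm: { overrides: pinned },
    yarn: { resolutions: pinned },
    pnpm: { pnpm: { overrides: pinned } },
  };
}

// Stand-alone usage against the constructed lockfile (skipped when imported).
if (typeof require !== "undefined" && require.main === module) {
  const report = auditLock(SAMPLE_LOCK, MIN_VERSIONS);
  for (const copy of vulnerableCopies(report)) {
    console.log(`below minimum: ${copy.path} @ ${copy.version}`);
  }
  console.log(JSON.stringify(buildOverrides(MIN_VERSIONS), null, 2));
}
```

To run it against a real project, replace `SAMPLE_LOCK` with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`; lockfiles older than lockfileVersion 2 have no `packages` map and would need the nested `dependencies` tree walked instead. After adding the override and reinstalling, rerun the audit: an empty `vulnerableCopies` result is the check that the override actually reached the nested copies, which `npm why` alone does not confirm.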

Answer selected by Sujietha