fix(deps): bump axios to ^0.32.0 (GHSA-3g43-6gmg-66jw) #48

Merged: eaguad1337 merged 1 commit into 4.0 from fix/axios-prototype-pollution on Jun 12, 2026

@eaguad1337

Contributor

What

Bumps axios from ^0.22.0 to ^0.32.0 in src/masonite/stubs/presets/base/package.json.

Why

Resolves Dependabot high-severity alert #1: axios Vulnerable to Credential Theft and Response Hijacking via Prototype Pollution Gadget in Config Merge (GHSA-3g43-6gmg-66jw).

  • Vulnerable range (0.x line): >= 0.19.0, < 0.31.1
  • ^0.22.0 was affected; ^0.32.0 is patched.

Stays on the 0.x line to avoid a major-version jump on this maintenance branch's laravel-mix toolchain (the 5.0 branch already moved to axios 1.x with Vite).

@eaguad1337 eaguad1337 merged commit 9ddc881 into 4.0 Jun 12, 2026
10 checks passed
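
Added example, not part of the PR or the project's code: a dependency-free check of whether a caret range in `package.json` can resolve into the advisory's 0.x vulnerable range quoted in the description (`>= 0.19.0, < 0.31.1`). It shows why `^0.22.0` could never pick up the fix on its own: on the 0.x line a caret range is confined to a single minor. The function names are hypothetical, only plain `^x.y.z` ranges are handled, and pre-release tags are ignored.

```javascript
// Vulnerable range for the 0.x line, as stated in the PR description.
const VULNERABLE_0X = { min: [0, 19, 0], maxExclusive: [0, 31, 1] };

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// npm caret semantics: only components to the right of the left-most
// non-zero component may change, so ^0.22.0 means >=0.22.0 <0.23.0.
function caretBounds(range) {
  if (!range.startsWith("^")) throw new Error(`only caret ranges handled: ${range}`);
  const [major, minor, patch] = parseVersion(range.slice(1));
  let maxExclusive;
  if (major > 0) maxExclusive = [major + 1, 0, 0];
  else if (minor > 0) maxExclusive = [0, minor + 1, 0];
  else maxExclusive = [0, 0, patch + 1];
  return { min: [major, minor, patch], maxExclusive };
}

// "all": every version the range admits is vulnerable.
// "some": the range overlaps the vulnerable range but can also resolve outside it.
// "none": no admissible version is vulnerable.
function exposure(range, vuln = VULNERABLE_0X) {
  const r = caretBounds(range);
  const lo = cmp(r.min, vuln.min) > 0 ? r.min : vuln.min;
  const hi = cmp(r.maxExclusive, vuln.maxExclusive) < 0 ? r.maxExclusive : vuln.maxExclusive;
  if (cmp(lo, hi) >= 0) return "none"; // half-open intervals do not intersect
  const contained =
    cmp(r.min, vuln.min) >= 0 && cmp(r.maxExclusive, vuln.maxExclusive) <= 0;
  return contained ? "all" : "some";
}

// The two ranges from this PR, plus constructed boundary cases.
for (const range of ["^0.22.0", "^0.32.0", "^0.31.0", "^0.18.0"]) {
  console.log(range, "->", exposure(range));
}
```

A result of "some" means the lockfile decides the outcome, so the resolved version has to be checked as well as the declared range.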