CodeceptJS depends on vulnerable package `axios@1.7.2`

#### What are you trying to achieve?

I am trying to resolve `npm audit` warnings in my project that uses CodeceptJS.

#### What do you get instead?

```txt
$ npm audit
# npm audit report

axios  1.3.2 - 1.7.3
Severity: high
Server-Side Request Forgery in axios - https://github.com/advisories/GHSA-8hc4-vh64-cxmj
fix available via `npm audit fix --force`
Will install codeceptjs@3.5.4, which is a breaking change
node_modules/axios
  codeceptjs  3.5.1-2.beta.7 || >=3.5.5
  Depends on vulnerable versions of axios
  node_modules/codeceptjs
```

See https://github.com/advisories/GHSA-8hc4-vh64-cxmj.

### Details

* CodeceptJS version: 3.6.5
* NodeJS Version: 20.12.2
* Operating System: OS X
* puppeteer || webdriverio || testcafe version (if related): N/A
* Configuration file: N/A

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

CodeceptJS depends on vulnerable package `axios@1.7.2` #4481

What are you trying to achieve?

What do you get instead?

Details

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

CodeceptJS depends on vulnerable package axios@1.7.2 #4481

Description

What are you trying to achieve?

What do you get instead?

Details

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

CodeceptJS depends on vulnerable package `axios@1.7.2` #4481