#Older peer dependency version in @nestjs/axios

2 messages · Page 1 of 1 (latest)

astral stump
#

Hi there,
I've noticed that in @nestjs/axios package.json the dev dependency version of axios is 1.8.4 but the peer dependency is still ^1.3.1 . I was wondering is this for a reason or is it just an oversight? The reason I noticed this is Wiz Scan is saying we have a vulnerable peer dependency version of axios.

GitHub
axios/package.json at master · nestjs/axios

Axios module for Nest framework (node.js) 🗂. Contribute to nestjs/axios development by creating an account on GitHub.

robust halo
#

^1.3.1 still matches version 1.8.4. Peer dependency ranges are usually deliberately kept more permissive