Merge pull request #49 from Moesif/prevent-potential-axios-attack

xinghengwang · web-flow · commit a532524d965d · 2026-04-02T08:10:11.000-07:00
Pin axios version due to potential Axios supply chain attack
diff --git a/lib/configuration.js b/lib/configuration.js
@@ -9,7 +9,7 @@ var configuration = {
     BaseUri : "https://api.moesif.net",
     //Your Application Id for authentication/authorization
     ApplicationId : "SET_ME",
-    UserAgent : 'moesifapi-nodejs/3.1.2'
+    UserAgent : 'moesifapi-nodejs/3.1.3'
 
 };
 
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "moesifapi",
-  "version": "3.1.2",
+  "version": "3.1.3",
   "description": "Collection/Data Ingestion API for Moesif",
   "main": "./lib/index.js",
   "keywords": [
@@ -25,8 +25,8 @@
     "url": "https://github.com/moesif/moesifapi-nodejs"
   },
   "dependencies": {
-    "axios": "^1.7.7",
-    "axios-retry": "^3.5.1"
+    "axios": "1.13.2",
+    "axios-retry": "3.9.1"
   },
   "devDependencies": {
     "chai": "^4.3.7",
