Upgraded Axios version Current Axios version was 0.21.4, this version has a CSRF vulnerability. https://github.com/axios/axios/issues/6022. v1.6.0 has fixed this problem, upgrade Axios to that version. Reference: https://github.com/axios/axios/pull/6028 The package-lock.json was generated by pointing bitbake at my local repo and building the image. devtool modify -n webui-vue <local repo> This uses the npm version in yocto 10.4.0. Tested: Loaded this on a p10bmc and GUI looked good. Signed-off-by: Nikhil Ashoka <a.nikhil@ibm.com> Change-Id: Ifb0d64c7d4d15d2396ee6d83d609ab8522d9e247 Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

commit: 129aecd0d575fa12a73850387f081f1cf31a9050 [log] [tgz]
author: Nikhil Ashoka <a.nikhil@ibm.com> Wed Mar 27 16:00:49 2024 +0530
committer: Gunnar Mills <gmills@us.ibm.com> Tue Apr 02 15:59:32 2024 -0500
tree: eee6c52dd086cc827fadf04c9a599bc0a0c56409
parent: 264589a68fb1cf0120feb0915fceb3f3c6e0f0e1 [diff] [blame]
diff --git a/package.json b/package.json
index b0ee340..efdb808 100644
--- a/package.json
+++ b/package.json

@@ -17,7 +17,7 @@
     "dependencies": {
         "@carbon/icons-vue": "10.28.0",
         "@novnc/novnc": "1.2.0",
-        "axios": "0.21.4",
+        "axios": "1.6.0",
         "bootstrap": "4.6.0",
         "bootstrap-vue": "2.21.2",
         "core-js": "3.9.1",
commit	129aecd0d575fa12a73850387f081f1cf31a9050	[log] [tgz]
author	Nikhil Ashoka <a.nikhil@ibm.com>	Wed Mar 27 16:00:49 2024 +0530
committer	Gunnar Mills <gmills@us.ibm.com>	Tue Apr 02 15:59:32 2024 -0500
tree	eee6c52dd086cc827fadf04c9a599bc0a0c56409
parent	264589a68fb1cf0120feb0915fceb3f3c6e0f0e1 [diff] [blame]