Axios Supply Chain Incident: Your Strapi Project Is Safe
Blog post from Strapi
A recent supply chain security incident involving certain versions of the axios HTTP library has raised concerns, but Strapi projects remain unaffected as long as default installations are used. An investigation by the Strapi team confirmed that none of the repositories in the Strapi GitHub organization use axios versions above 1.14.0: core components are pinned at 1.13.5 and other dependencies are at safe versions. The risk arises only if users have manually upgraded axios beyond version 1.14.0 for custom purposes, in which case they are advised to downgrade to version 1.13.6 or lower. Strapi emphasizes its commitment to security by maintaining stringent control over dependency versions, assures users that the situation is being closely monitored, and keeps community channels open for any concerns.
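The check a project maintainer would want here is a quick audit of the lockfile for any axios entry above the version the post names, including copies nested under other packages that `npm ls` output can make easy to overlook. The script below is an added example, not Strapi's own tooling or code from the post. It assumes a standard npm `package-lock.json` layout (the `packages` map of lockfile v2/v3, with a fallback to the v1 `dependencies` tree); the embedded lockfile fragment and the package name `some-plugin` are constructed sample data, and the threshold `1.14.0` is the one stated in the post.

```python
import json
from typing import Iterator, List, Tuple

# Per the post, axios versions above 1.14.0 are the affected ones;
# anything at or below it is left alone by this check.
AFFECTED_ABOVE = (1, 14, 0)


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '1.13.5' into (1, 13, 5). A pre-release or build suffix
    ('1.14.1-beta', '1.14.1+sha') is dropped so the comparison stays on
    the numeric core; that errs toward flagging, which is what we want."""
    core = v.split("-", 1)[0].split("+", 1)[0]
    return tuple(int(part) for part in core.split("."))


def iter_axios_entries(lock: dict) -> Iterator[Tuple[str, str]]:
    """Yield (install path, version) for every axios copy in the lockfile.

    lockfile v2/v3 keeps a flat 'packages' map keyed by install path, e.g.
    'node_modules/some-plugin/node_modules/axios'; v1 nests a
    'dependencies' tree instead. Both are walked so nested copies are seen."""
    packages = lock.get("packages")
    if packages is not None:
        for path, meta in packages.items():
            # The last path segment after 'node_modules/' is the package name.
            if path.split("node_modules/")[-1] == "axios" and "version" in meta:
                yield path, meta["version"]
        return

    def walk(deps: dict, prefix: str) -> Iterator[Tuple[str, str]]:
        for name, meta in deps.items():
            path = f"{prefix}node_modules/{name}"
            if name == "axios" and "version" in meta:
                yield path, meta["version"]
            yield from walk(meta.get("dependencies", {}), path + "/")

    yield from walk(lock.get("dependencies", {}), "")


def affected_axios(lock: dict) -> List[Tuple[str, str]]:
    """Return every axios entry whose version is above the affected threshold."""
    return [
        (path, version)
        for path, version in iter_axios_entries(lock)
        if parse_version(version) > AFFECTED_ABOVE
    ]


def audit_lockfile(path: str) -> List[Tuple[str, str]]:
    """Load a package-lock.json from disk and run the check on it."""
    with open(path, "r", encoding="utf-8") as fh:
        return affected_axios(json.load(fh))


# Constructed sample lockfile (v3 layout): the project's own axios is pinned
# at 1.13.5, but a hypothetical plugin drags in a nested copy above 1.14.0.
SAMPLE_LOCK = {
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "my-strapi-app", "dependencies": {"axios": "1.13.5"}},
        "node_modules/axios": {"version": "1.13.5"},
        "node_modules/some-plugin": {"version": "2.0.0"},
        "node_modules/some-plugin/node_modules/axios": {"version": "1.15.0"},
    },
}

# Constructed v1-style lockfile with the same situation, to exercise the fallback.
SAMPLE_LOCK_V1 = {
    "lockfileVersion": 1,
    "dependencies": {
        "axios": {"version": "1.13.5"},
        "some-plugin": {
            "version": "2.0.0",
            "dependencies": {"axios": {"version": "1.15.0"}},
        },
    },
}

if __name__ == "__main__":
    for label, lock in (("v3", SAMPLE_LOCK), ("v1", SAMPLE_LOCK_V1)):
        hits = affected_axios(lock)
        if hits:
            for path, version in hits:
                print(f"[{label}] axios {version} above 1.14.0 at {path}")
        else:
            print(f"[{label}] no axios entry above 1.14.0")
```

Point `audit_lockfile` at a real `package-lock.json` to run it against a project; a non-empty result lists the install paths to downgrade, and a nested hit under another package means that package's own dependency on axios needs attention, not just the root pin.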