Upgrade axios to >=0.21.1 to fix high vulnerability
liyuting1010 opened this issue
Hi,
Could we ask to update the axios version to avoid the SSRF vulnerability?
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Server-Side Request Forgery │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ axios │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=0.21.1 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ analytics-node │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ analytics-node > axios │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/1594 │
└───────────────┴──────────────────────────────────────────────────────────────┘
Please fix 🙏
@pooyaj Are you able to escalate this fix?
Thanks for raising the issue. We're looking into it and we'll merge it ASAP
Thanks everyone for flagging this. The 3.5.0 should have the fix!