ScaleLeap / selling-partner-api-sdk

A fully typed TypeScript and Node.js SDK library for Amazon Selling Partner API
https://npm.im/@scaleleap/selling-partner-api-sdk
MIT License

This project depends on a vulnerable version of axios #1102

Closed dzialdowski closed 1 week ago

dzialdowski commented 2 weeks ago

npm audit report

axios 1.3.2 - 1.7.3 (package.json points at exactly 1.7.2)
Severity: high
Server-Side Request Forgery in axios - https://github.com/advisories/GHSA-8hc4-vh64-cxmj
node_modules/@scaleleap/selling-partner-api-sdk/node_modules/axios
  @scaleleap/selling-partner-api-sdk >=6.11.1
  Depends on vulnerable versions of axios
  node_modules/@scaleleap/selling-partner-api-sdk

nguyentoanit commented 1 week ago

@dzialdowski : Thanks for your report! This issue was fixed in v8.0.0. 📦

https://github.com/ScaleLeap/selling-partner-api-sdk/pull/1105
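The audit report above shows the affected axios as a nested copy under the SDK's own node_modules, so a safe top-level axios does not clear the finding. The following is an added example, not code from this project or thread: it scans an npm lockfile's "packages" map for every axios copy inside the reported range 1.3.2 - 1.7.3. The function names, the sample lockfile and its placeholder versions are constructed for illustration.

```javascript
// Added example: flag every axios copy in an npm lockfile (v2/v3 "packages" map)
// whose version falls inside the range from the audit report: 1.3.2 - 1.7.3.
const VULN_MIN = [1, 3, 2]; // lower bound, from the audit report
const VULN_MAX = [1, 7, 3]; // upper bound, from the audit report

// "1.7.2" -> [1, 7, 2]; null for anything that is not a plain x.y.z version
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v || "");
  return m ? m.slice(1).map(Number) : null;
}

// Numeric comparison of two [major, minor, patch] triples: -1, 0 or 1
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function findVulnerableAxios(lock) {
  const hits = [];
  for (const [pkgPath, meta] of Object.entries(lock.packages || {})) {
    // Match hoisted and nested copies alike, but not e.g. "axios-retry"
    if (!/(^|\/)node_modules\/axios$/.test(pkgPath)) continue;
    const ver = parseVersion(meta.version);
    if (!ver) {
      // Pre-release or missing version: report it instead of silently passing
      hits.push({ path: pkgPath, version: meta.version, status: "unparsed" });
    } else if (compareVersions(ver, VULN_MIN) >= 0 && compareVersions(ver, VULN_MAX) <= 0) {
      hits.push({ path: pkgPath, version: meta.version, status: "vulnerable" });
    }
  }
  return hits;
}

// Constructed lockfile fragment: the hoisted axios is outside the range,
// the copy nested under the SDK is pinned at 1.7.2 as described in the issue.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app" },
    "node_modules/axios": { version: "1.7.4" },
    "node_modules/axios-retry": { version: "1.5.0" }, // placeholder version
    "node_modules/@scaleleap/selling-partner-api-sdk": { version: "0.0.0-example" },
    "node_modules/@scaleleap/selling-partner-api-sdk/node_modules/axios": { version: "1.7.2" },
  },
};

console.log(findVulnerableAxios(sampleLock));
```

To check a real project, pass the parsed contents of its package-lock.json to findVulnerableAxios instead of the sample object.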