Outdated axios depencency causes security vulnerability - Githubissues

Sitecore / jss

Software development kit for JavaScript developers building web applications with Sitecore Experience Platform

https://jss.sitecore.com

Apache License 2.0

255 stars 270 forks source link

Outdated axios depencency causes security vulnerability #1824

Open jkesseler opened 2 weeks ago

jkesseler commented 2 weeks ago

Describe the Bug

See: https://github.com/advisories/GHSA-wf5p-g6vw-rhxx Please keep dependencies up-to-date

To Reproduce

Run npm install on any project depending in '@sitecore-jss/sitecore-jss'

Expected Behavior

No security vulnerabilites

Possible Fix

Keep dependencies up to date.

Provide environment information

Sitecore Version: Not applicable
JSS Version: 22
Browser Name and version: Not applicable
Operating System and version (desktop or mobile): Not applicable
Link to your project (if available): Not applicable

art-alexeyenko commented 1 week ago

Thank you for reporting this. It's in our backlog for further prioritization.