Closed BearCooder closed 8 months ago
FYI as this is also in Taquito. Taquito is replacing axios with native Fetch as Fetch is a built in feature in Node, so no package imports are necessary. So this way this issue will resolve itself with the new release. https://github.com/ecadlabs/taquito/issues/2735#issuecomment-1828866203
Hey @BearCooder, Thanks for bringing up this issue. Currently, we're sticking with axios, but we might swap it out for fetch down the line. Appreciate it!
This issue should be solved since v4.1.1
The Axios Cross-Site Request Forgery Vulnerability was published 2 weeks ago. Github Vulnerability Details
I just got noticed after installing the dependencies. It seems Beacon SDK uses a vulnerable Axios version? I have the latest Beacon and Taquito versions installed.