algolia / youtube-captions-scraper

Fetch youtube user submitted or fallback to auto-generated captions

Snyk alerts axios is old #26

Closed hiroshinishio closed 6 months ago

hiroshinishio commented 9 months ago

Snyk alerted as follows:

Server-Side Request Forgery (SSRF) affecting package axios. No direct upgrade path, fixed in: axios@0.21.1 (Snyk). Snyk Open Source: SNYK-JS-AXIOS-1038255

Regular Expression Denial of Service (ReDoS) affecting package axios. No direct upgrade path, fixed in: axios@0.21.3 (Snyk). Snyk Open Source: SNYK-JS-AXIOS-1579269

Denial of Service (DoS) affecting package axios. No direct upgrade path, fixed in: axios@0.18.1 (Snyk). Snyk Open Source: SNYK-JS-AXIOS-174505

Cross-site Request Forgery (CSRF) affecting package axios. No direct upgrade path, fixed in: axios@1.6.0 (Snyk). Snyk Open Source: SNYK-JS-AXIOS-6032459

I don't know if I can ignore this alert.

Haroenv commented 9 months ago

You can update the axios version in a PR :) Give it a try and let me know if there's any struggle

dfdeagle47 commented 6 months ago

@Haroenv I've created https://github.com/algolia/youtube-captions-scraper/pull/29 to address this issue.

Haroenv commented 6 months ago

published :)