artilleryio / artillery

The complete load testing platform. Everything you need for production-grade load tests. Serverless & distributed. Load test with Playwright. Load test HTTP APIs, GraphQL, WebSocket, and more. Use any Node.js module.
https://www.artillery.io
Mozilla Public License 2.0
8.03k stars 510 forks

security vulnerability found in package axios #2519

Open ms-oh opened 8 months ago

ms-oh commented 8 months ago


Version info:

2.0.6

Running this command:

npm audit

I expected to see this happen:

Found 0 vulnerabilities

Instead, this happened:

Found 1 vulnerability: axios

Files being used:

<none>

pedroresende commented 6 months ago

This seems to be related to posthog-node-2.6.0

@hassy is there any plan to address the vulnerabilities?

hassy commented 6 months ago

Yes, we try to address any reported dependency vulnerabilities in each release, so we’ll try to upgrade this one in the upcoming release.


pedroresende commented 2 months ago

Any news on this?

dirkluijk commented 2 weeks ago

Should be fixed by https://github.com/artilleryio/artillery/pull/3387.