cashfree / cashfree-pg-sdk-nodejs

Cashfree Nodejs Plugin
https://www.cashfree.com/
Apache License 2.0

Bump axios to 1.7.4 to patch vulnerabilities #75

Open web-ainyx opened 2 months ago

web-ainyx commented 2 months ago

npm audit

npm audit report

axios 1.0.0 - 1.7.3
Severity: high
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
Server-Side Request Forgery in axios - https://github.com/advisories/GHSA-8hc4-vh64-cxmj
No fix available
node_modules/cashfree-pg/node_modules/axios
  cashfree-pg *
  Depends on vulnerable versions of axios
  node_modules/cashfree-pg

2 vulnerabilities (1 moderate, 1 high)

Some issues need review, and may require choosing a different dependency.

web-ainyx commented 2 months ago

FYA ^^ @suhas-cashfree @pranav-sdet-cashfree @bhaskar-cashfree

suhas-cashfree commented 2 months ago

acknowledged