search

d-velop / dvelop-sdk-node

Official SDK to build Apps for d.velop cloud
Apache License 2.0
10 stars 14 forks source link

Update Axios #163

Closed mcremer-able closed 3 months ago

mcremer-able commented 1 year ago

Axios is in the latest release on version 1.3.4 The project uses version 0.23 from Sep 4, 2021

Aside from the obvious security risk, this also causes issues with libaries that use axios >=1.0

LenKlose commented 1 year ago

Hi @mcremer-able,

we could not find any security risks in our current axios version. If you have contradicting information please let us know.

But you're obviously right in the fact that our axios version is outdated. We will look into the effort needed.

Thanks for your contribution.

Lennart

vekunz commented 7 months ago

Now Axios has a security risk https://avd.aquasec.com/nvd/2023/cve-2023-45857/