Could you please update axios to a newer version .. eg 1.6.1
the version you have as dependency 1.5.0 is vulnerable
ID SEVERITY DESCRIPTION
CVE-2023-45857 high An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies
by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers
to view sensitive information.
@huineng It is already fixed by PR #964 and will be available as part of next release. We are trying to release a new version of ibm_db with updated axios in 2-3 days. Thanks.
Could you please update axios to a newer version .. eg 1.6.1 the version you have as dependency 1.5.0 is vulnerable
thanks