Hi, @skellock @rdewolff, there is a vulnerability introduced in your package apisauce:
ISSUE DESCRIPTION:
A vulnerability, CVE-2022-0536, is introduced in the apisauce package through the dependency axios, which is at 0.21.4 and uses the follow-redirects package 1.14.0, which actually has this vulnerability. This vulnerability was patched in version 1.14.9 of follow-redirects.
SUGGESTED SOLUTION:
Need to upgrade the version of axios in apisauce to at least 0.27.2, as axios 0.27.2 is using the 1.14.9 version of follow-redirects, so that the vulnerability is fixed in it.
Thanks for your contributions
Regards, Ankush Gaba
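
The transitive chain described in this report can be checked against a project's own lockfile. The following is an added example, not code from the issue or from apisauce; it assumes a `package-lock.json` with lockfileVersion 2 or 3, and the function names, the sample lockfile and the apisauce version placeholder are constructed for illustration.

```javascript
const FIXED = "1.14.9"; // patched follow-redirects version, as stated in the issue
const NM = "node_modules/";

// Compare plain x.y.z versions numerically; returns <0, 0 or >0.
function cmpVersion(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// The package name is whatever follows the last "node_modules/" in a lock key.
const nameOf = (p) => p.slice(p.lastIndexOf(NM) + NM.length);

// Report every installed copy of `pkg` older than `fixed`, plus the packages
// that declare it as a dependency (the parents that need upgrading).
function findVulnerable(lock, pkg = "follow-redirects", fixed = FIXED) {
  const entries = Object.entries(lock.packages || {}).filter(([p]) => p);
  const requiredBy = entries
    .filter(([, m]) => m.dependencies && pkg in m.dependencies)
    .map(([p, m]) => `${nameOf(p)}@${m.version}`);
  return entries
    .filter(([p, m]) => nameOf(p) === pkg && m.version && cmpVersion(m.version, fixed) < 0)
    .map(([p, m]) => ({ path: p, version: m.version, requiredBy }));
}

// Constructed sample lockfile mirroring the chain described in the issue;
// the apisauce version is a placeholder, not a real release number.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "example-app", dependencies: { apisauce: "*" } },
    "node_modules/apisauce": { version: "0.0.0-placeholder", dependencies: { axios: "^0.21.4" } },
    "node_modules/axios": { version: "0.21.4", dependencies: { "follow-redirects": "^1.14.0" } },
    "node_modules/follow-redirects": { version: "1.14.0" },
  },
};

console.log(JSON.stringify(findVulnerable(sampleLock), null, 2));
```

Nested copies (for example under `node_modules/apisauce/node_modules/`) are matched as well, since the name is taken from the last `node_modules/` segment of each key.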