lob / lob-typescript-sdk


Axios dependency security vulnerability #283

Open ricardograca-scratch opened 2 months ago

ricardograca-scratch commented 2 months ago

Summary

npm audit indicates there's a security vulnerability in the version of Axios used here: https://github.com/advisories/GHSA-8hc4-vh64-cxmj

Expected Behavior

No security vulnerabilities.

Current Behavior

```
# npm audit report

axios  1.3.2 - 1.7.3
Severity: high
Server-Side Request Forgery in axios - https://github.com/advisories/GHSA-8hc4-vh64-cxmj
fix available via `npm audit fix`
node_modules/@lob/lob-typescript-sdk/node_modules/axios
```

Possible Solution

Upgrade axios to version 1.7.4.

Steps to Reproduce

  1. Add @lob/lob-typescript-sdk as a dependency to your project
  2. Run npm install && npm audit

I can provide a PR if that's acceptable.
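
A consumer-side check for the condition reported in this issue, added here as an example (not part of the original issue or the SDK's code): it scans the `packages` map of a `package-lock.json` for nested axios copies inside the 1.3.2 - 1.7.3 range from the audit output. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: flag axios copies in the range npm audit reported (1.3.2 - 1.7.3).
// Range taken from the audit output above; 1.7.4 is the version the issue proposes.
const VULN_MIN = [1, 3, 2];
const VULN_MAX = [1, 7, 3];

// Parse "1.7.2" into [1, 7, 2]; returns null for prerelease or non-numeric versions.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// Three-part numeric comparison: -1, 0 or 1.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Walk the "packages" map of a package-lock.json (lockfileVersion 2 or 3),
// whose keys are install paths such as "node_modules/a/node_modules/axios".
function findVulnerableAxios(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith('node_modules/axios')) continue;
    const ver = parseVersion(meta.version);
    if (!ver) {
      // Do not silently pass versions this simple parser cannot judge.
      hits.push({ path, version: meta.version, status: 'unparsed' });
    } else if (compare(ver, VULN_MIN) >= 0 && compare(ver, VULN_MAX) <= 0) {
      hits.push({ path, version: meta.version, status: 'vulnerable' });
    }
  }
  return hits;
}

// Constructed sample lockfile: a patched top-level axios plus the SDK's nested copy.
// The version strings below are sample values, not taken from the issue.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app' },
    'node_modules/axios': { version: '1.7.4' },
    'node_modules/@lob/lob-typescript-sdk': { version: '0.0.0-sample' },
    'node_modules/@lob/lob-typescript-sdk/node_modules/axios': { version: '1.6.8' },
  },
};

console.log(findVulnerableAxios(sampleLock));
```

The nested path is the case that matters here: a patched top-level axios does not replace the copy installed under the SDK's own `node_modules`.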