Closed andyedwardsibm closed 10 months ago
Thanks for reporting this, @andyedwardsibm . This showed up in our security scans as well, and the notifications for that system have been made louder so we're aware of issues moving forward.
:tada: This issue has been resolved in version 2.6.8 :tada:
The release is available on:
Your semantic-release bot :package::rocket:
This module is using
axois@^0.25.0
https://github.com/logdna/logger-node/blob/87463cbff9f6e64db596ce1f450bdd064bb1b22d/package.json#L109This makes it vulnerable to CVE-2023-45857:
Moving to at least 1.6.0 resolves the CVE