loggly / node-loggly-bulk

A client implementation for Loggly in node.js
https://www.loggly.com/docs/node-js-logs/

CVE-2023-45857 Bump axios to non-vulnerable version #73

Closed MichaelGoff closed 3 months ago

MichaelGoff commented 1 year ago

I bumped axios up to the latest version. I left in the ^ to allow for future necessary updates, but I'm happy to remove that if you prefer!

npm install also sorted dependencies alphabetically.

lalitsharma309 commented 10 months ago

This dependency vulnerability is a show stopper for our app; without being able to update axios, our app won't pass its pipeline vulnerability scans.

Any update? Can this be merged? Thank you.

1MateuszKruk commented 9 months ago

Hello, any plan to merge this?

dmytroyarmak commented 9 months ago

@zdenek-machek-swi Any chance to have this fix merged and published in a new version?

cbeanLeadr commented 4 months ago

Any update on getting this merged and published to fix the dependency vulnerability?

zdenek-machek-swi commented 3 months ago

> Any update on getting this merged and published to fix the dependency vulnerability?

Sorry, I've missed notifications here. In the next few days there will be a new version published with https://github.com/loggly/node-loggly-bulk/pull/78

zdenek-machek-swi commented 3 months ago

Release https://github.com/loggly/node-loggly-bulk/releases/tag/v4.0.2 fixes this issue