nvuillam / npm-groovy-lint

Lint, format and auto-fix your Groovy / Jenkinsfile / Gradle files using command line
https://nvuillam.github.io/npm-groovy-lint/
MIT License
193 stars 61 forks

Critical vulnerabilities with axios package in latest version #364

Closed AbhishekRatnawat closed 3 months ago

AbhishekRatnawat commented 3 months ago

We found that in the latest npm-groovy-lint package, there are critical vulnerabilities with the axios package. It is still using an older axios version:

```json
{
  "vulnerabilities": [
    {
      "vulnerability_id": "CVE-2023-45857",
      "severity": "MEDIUM",
      "pkg_name": "axios",
      "pkg_path": "usr/local/lib/node_modules/npm-groovy-lint/node_modules/amplitude/node_modules/axios/package.json",
      "installed_version": "0.24.0",
      "fixed_version": "1.6.0, 0.28.0",
      "cvss_v2_score": "",
      "cvss_v3_score": "6.5",
      "status_summary": {
        "priority": "MEDIUM",
        "status": "FAILED"
      }
    }
  ]
}
```

Please help us by resolving these.

nvuillam commented 3 months ago

@AbhishekRatnawat solved and released in v14.3.0, thanks for reporting the issue :)

AbhishekRatnawat commented 3 months ago

@nvuillam we can still see the vulnerability with the 0.26.0 version:

```json
{
  "target": "Node.js",
  "category": "lang-pkgs",
  "type": "node-pkg",
  "vulnerabilities": [
    {
      "vulnerability_id": "CVE-2023-45857",
      "severity": "MEDIUM",
      "pkg_name": "axios",
      "pkg_path": "usr/local/lib/node_modules/npm-groovy-lint/node_modules/amplitude/node_modules/axios/package.json",
      "installed_version": "0.26.1",
      "fixed_version": "1.6.0, 0.28.0",
      "cvss_v2_score": "",
      "cvss_v3_score": "6.5",
      "status_summary": {
        "priority": "MEDIUM",
        "status": "FAILED"
      }
    }
  ]
}
```
nvuillam commented 3 months ago

@AbhishekRatnawat amplitude's last publish was 2 years ago, so it does not seem maintained

That's ok because anyway I've not checked anonymous telemetry for more than that, so I can remove it from the dependencies :)

nvuillam commented 3 months ago

@AbhishekRatnawat released in v14.4.0 :)