Closed amirzahavi closed 6 months ago
Closing as per https://github.com/ory/sdk/pull/303#issuecomment-1812111204
Closing as per https://github.com/ory/sdk/pull/303#issuecomment-1812111204
Hey @aeneasr, I understand now that the code is auto-generated, unfortunately, the linked comment states that it will be done in a couple of days (Nov 2023), but the Axios dependency is still a very old version.
Thanks 🙏🏽
Hey @aeneasr
To @amirzahavi point, from what I can see the client is still a two year old version of Axios(or am I missing something?):
https://github.com/ory/sdk/blob/master/clients/client/typescript/package-lock.json#L30-L31
It is difficult for us to motivate staying customers of Ory Network (which was primarily a move done for security purposes) if dependencies to client libraries are not maintained, especially when the dependencies have open security vulnerabilities.
Do you run vulnerability scanning on the SDKs that you mention on your webpage?
In 1.5.2 version of the client it uses a new version of axios 🎉
Related Issue or Design Document
305
Checklist
Further comments