Closed beanow-at-crabnebula closed 4 months ago
No response
The security vulnerability fixed by upgrading axios (see #289) also applies to the clients targeting the stable open source releases.
See https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
Kratos v1.0.0
None
It probably warrants a patch release for each of the respective clients.
There's a fix available now: v1.1.0 regenerated with the fixed axios. https://www.npmjs.com/package/@ory/kratos-client/v/1.1.0?activeTab=code
Preflight checklist
Ory Network Project
No response
Describe the bug
The security vulnerability fixed by upgrading axios (see #289) also applies to the clients targeting the stable open source releases.
Reproducing the bug
See https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
Relevant log output
No response
Relevant configuration
No response
Version
Kratos v1.0.0
On which operating system are you observing this issue?
None
In which environment are you deploying?
None
Additional Context
It probably warrants a patch release for each of the respective clients.