Axios Dependency is out of date - Githubissues

pajaydev / ebay-node-api

eBay API Client for node

https://pajaydev.github.io/ebay-node-api

MIT License

132 stars 76 forks source link

Axios Dependency is out of date #168

Open jauntyjocularjay opened 5 months ago

jauntyjocularjay commented 5 months ago

Issue or Enhancement

[x] Issue
[ ] Enhancement / Improvement

Steps to reproduce

$ npm i ebay-node-api

Expected Behavior

No npm audit report

Actual Behavior

# npm audit report

axios  0.8.1 - 0.27.2
Severity: moderate
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
fix available via `npm audit fix --force`
Will install axios@1.7.2, which is a breaking change
node_modules/axios
  ebay-node-api  >=2.8.9
  Depends on vulnerable versions of axios
  node_modules/ebay-node-api