reportportal / client-javascript

This Client is to communicate with the ReportPortal on Node.js.
https://www.npmjs.com/package/@reportportal/client-javascript
Apache License 2.0

Seeing a security vulnerability with the axios version used by this library. #210

Closed by quldude 1 month ago

quldude commented 1 month ago

Versions I'm using in my package.json:

"@reportportal/client-javascript": "^5.1.4"
"axios": "^1.7.3",

Getting this error when running npm install; npm audit:

# npm audit report

axios  >=1.3.2
Severity: high
Server-Side Request Forgery in axios - https://github.com/advisories/GHSA-8hc4-vh64-cxmj
fix available via `npm audit fix --force`
Will install axios@1.3.1, which is a breaking change
node_modules/axios
  @reportportal/client-javascript  >=5.1.0
  Depends on vulnerable versions of axios
  node_modules/@reportportal/client-javascript
    @reportportal/agent-js-playwright  >=5.1.7
    Depends on vulnerable versions of @reportportal/client-javascript
    node_modules/@reportportal/agent-js-playwright

3 high severity vulnerabilities

quldude commented 1 month ago

This is an axios issue: https://github.com/axios/axios/issues/6463