search

rxaviers / cldr-data-npm

Npm module for Unicode CLDR JSON data
MIT License
42 stars 27 forks source link

Vulnerability: axios (npm) #83

Open WilliamHolmes opened 9 months ago

WilliamHolmes commented 9 months ago

A vulnerable version of the axios package is being included by cldr-data-downloader

https://www.cve.org/CVERecord?id=CVE-2023-45857

│ └─┬ cldr-data@36.0.1
│   └─┬ cldr-data-downloader@1.0.0-1
│     └── axios@0.26.1
gan0928 commented 8 months ago

Any update?

WilliamHolmes commented 8 months ago

I guess there's a dependency on this ticket