rxaviers / cldr-data-npm

Npm module for Unicode CLDR JSON data
MIT License

Vulnerability: axios (npm) #83

Open WilliamHolmes opened 1 year ago

WilliamHolmes commented 1 year ago

A vulnerable version of the axios package is being included by cldr-data-downloader:

https://www.cve.org/CVERecord?id=CVE-2023-45857

│ └─┬ cldr-data@36.0.1
│   └─┬ cldr-data-downloader@1.0.0-1
│     └── axios@0.26.1

gan0928 commented 10 months ago

Any update?

WilliamHolmes commented 10 months ago

I guess there's a dependency on this ticket

acofer commented 1 month ago

https://github.com/rxaviers/cldr-data-npm/pull/85 would fix it, opened two weeks ago. Any maintainers around to let us know if that can be merged?

neginkheradmandian commented 2 weeks ago