search

smarty / smartystreets-javascript-sdk

The official client libraries for accessing SmartyStreets APIs from javascript.
https://smartystreets.com/docs/sdk/javascript
Apache License 2.0
31 stars 30 forks source link

Upgrade Axios (when available) #87

Closed bdbvb closed 1 month ago

bdbvb commented 2 months ago

smartystreets-javascript-sdk version 5.1.3

Seeing high severity issue in npm audit related to axios:

   "axios": {
      "name": "axios",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1098582,
          "name": "axios",
          "dependency": "axios",
          "title": "Server-Side Request Forgery in axios",
          "url": "https://github.com/advisories/GHSA-8hc4-vh64-cxmj",
          "severity": "high",
          "cwe": [
            "CWE-918"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": ">=1.3.2 <=1.7.3"
        }
      ],
      "effects": [
        ...
        "smartystreets-javascript-sdk"
      ],
      "range": ">=1.3.2",
      "nodes": [
        "node_modules/axios"
      ],
      "fixAvailable": false
    },
dave-smartystreets commented 2 months ago

Thanks for letting us know. I'll get this looked at soon.