Depends on vulnerable versions of axios、Depends on vulnerable versions of cos-js-sdk-v5

tencentyun / vod-js-sdk-v6

MIT License

36 stars 127 forks source link

Depends on vulnerable versions of axios、Depends on vulnerable versions of cos-js-sdk-v5 #16

Open janetleung opened 3 years ago

janetleung commented 3 years ago

axios <0.21.1 Severity: high Server-Side Request Forgery - https://npmjs.com/advisories/1594 fix available via npm audit fix --force Will install vod-js-sdk-v6@0.0.1, which is a breaking change node_modules/axios vod-js-sdk-v6 * Depends on vulnerable versions of axios Depends on vulnerable versions of cos-js-sdk-v5 node_modules/vod-js-sdk-v6