tronprotocol / tronweb

Javascript API Library for interacting with the TRON Network
MIT License

Moderate security vulnerability for versions of Axios (Dependency) #472

Closed boxexchanger closed 6 months ago

boxexchanger commented 7 months ago

Hi tronweb developers, your package has a moderate security vulnerability in the npm audit:

1. Cross-site Request Forgery (CSRF) (fixed in 1.6.0)

SNYK-JS-AXIOS-6032459 CVE-2023-45857

2. Prototype Pollution (fixed in 1.6.4)

SNYK-JS-AXIOS-6144788

The fixed version is Axios 1.6.4 and higher. I suggest we migrate towards that one.

svein1010 commented 7 months ago

Thanks a lot, we will fix this issue next version.

boxexchanger commented 6 months ago

Hello @unicornonea, what's the news on this issue, do you have any estimate about this task?

DmytroShalaiev commented 6 months ago

I'm here for the same question, thanks.

unicornonea commented 6 months ago

Hi, the new version will be published in three days.

boxexchanger commented 6 months ago

Thank you! In v5.3.2 the issue has been resolved.