voxeet / voxeet-sdk-web

The Dolby.io Communications SDK for Web.
https://www.npmjs.com/package/@voxeet/voxeet-web-sdk

npm audit reports dependency on vulnerable version of axios #26

Closed nemesisridiculii closed 6 months ago

nemesisridiculii commented 9 months ago

I have a project that uses @dolbyio/comms-uikit-react@1.3.1 (the latest version as of this writing) which has @voxeet/voxeet-web-sdk@3.11.0 (also the current version). When I perform an npm audit in my project, I get a report that voxeet-web-sdk references a vulnerable version of axios. There is more information about the axios vulnerability here: https://github.com/advisories/GHSA-wf5p-g6vw-rhxx.

Are there plans to update this dependency to resolve this vulnerability?

FabienLavocat commented 6 months ago

Hi @nemesisridiculii, we have released version 3.11.1 of the SDK, which fixes this vulnerability issue.

nemesisridiculii commented 6 months ago

Looks good. Thank you for the update!
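
The following is an added example, not part of the thread or of the SDK's code: a way to trace which direct dependency pulls a flagged transitive package such as axios into a project, by walking the `packages` map of a `package-lock.json` (lockfileVersion 2 or 3). The lockfile content is constructed; the app name and the axios version are placeholders, because the issue does not state them.

```javascript
// Constructed sample: a trimmed package-lock.json (lockfileVersion 3).
// Package names and the 1.3.1 / 3.11.0 versions are from the issue; the app name
// and the axios version are placeholders (the issue does not state them).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-app", dependencies: { "@dolbyio/comms-uikit-react": "1.3.1" } },
    "node_modules/@dolbyio/comms-uikit-react": {
      version: "1.3.1", dependencies: { "@voxeet/voxeet-web-sdk": "3.11.0" } },
    "node_modules/@voxeet/voxeet-web-sdk": {
      version: "3.11.0", dependencies: { axios: "0.0.0-placeholder" } },
    "node_modules/axios": { version: "0.0.0-placeholder" },
  },
};

// Node resolution as recorded in the lockfile: look in the dependent's own
// node_modules first, then in each enclosing one up to the project root.
function resolveDep(packages, fromPath, name) {
  for (let base = fromPath; ; ) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null; // not installed (e.g. a skipped optional dependency)
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Return every dependency chain from the project root to an installed copy of `target`.
function findChains(lock, target) {
  const pkgs = lock.packages, chains = [];
  const nameOf = (p) =>
    p === "" ? pkgs[""].name || "(root)" : p.slice(p.lastIndexOf("node_modules/") + 13);
  const walk = (path, trail, seen) => {
    const entry = pkgs[path];
    const here = trail.concat(`${nameOf(path)}@${entry.version || "local"}`);
    if (path !== "" && nameOf(path) === target) { chains.push(here); return; }
    const deps = { ...entry.dependencies, ...entry.optionalDependencies, ...entry.devDependencies };
    for (const dep of Object.keys(deps)) {
      const next = resolveDep(pkgs, path, dep);
      if (next && !seen.has(next)) walk(next, here, new Set(seen).add(next));
    }
  };
  walk("", [], new Set([""]));
  return chains;
}

for (const chain of findChains(sampleLock, "axios")) console.log(chain.join(" > "));
```

To run it on a real project, pass the parsed contents of the project's own `package-lock.json` instead of `sampleLock`. A chain that passes through a package you do not maintain needs either a fixed release from that package (as happened here with 3.11.1) or an `overrides` entry in your own `package.json`.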