Open setstream opened 3 years ago
Yeah this is a bad one causing lots of vulnerabilities:
```
axios  <=0.21.1
Severity: high
Axios vulnerable to Server-Side Request Forgery - https://github.com/advisories/GHSA-4w2v-q235-vp99
axios Inefficient Regular Expression Complexity vulnerability - https://github.com/advisories/GHSA-cph5-m8f7-6c5x
Depends on vulnerable versions of follow-redirects
No fix available
node_modules/axios
  @woocommerce/woocommerce-rest-api  *
  Depends on vulnerable versions of axios
  node_modules/@woocommerce/woocommerce-rest-api
```
Any update on this?
I still get the following vulnerabilities:
```
# npm audit report

axios  <=0.21.1
Severity: high
Axios vulnerable to Server-Side Request Forgery - https://github.com/advisories/GHSA-4w2v-q235-vp99
axios Inefficient Regular Expression Complexity vulnerability - https://github.com/advisories/GHSA-cph5-m8f7-6c5x
Depends on vulnerable versions of follow-redirects
No fix available
node_modules/@woocommerce/woocommerce-rest-api/node_modules/axios
  @woocommerce/woocommerce-rest-api  *
  Depends on vulnerable versions of axios
  node_modules/@woocommerce/woocommerce-rest-api

follow-redirects  <=1.14.7
Severity: high
Exposure of sensitive information in follow-redirects - https://github.com/advisories/GHSA-74fj-2j2h-c42q
Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects - https://github.com/advisories/GHSA-pw2r-vq6v-hr8c
No fix available
node_modules/@woocommerce/woocommerce-rest-api/node_modules/follow-redirects

3 vulnerabilities (1 moderate, 2 high)

Some issues need review, and may require choosing a different dependency.
```
Best regards!
This library is not maintained. I think it's best to fork it and update the packages that you need to.
The version of Axios used is 0.19.0 which has the following vulnerability:
https://github.com/advisories/GHSA-4w2v-q235-vp99
Axios 0.21.1 fixes this.