Latest released version (1.7.0) contains Axios CVE-2023-45857

yakovkhalinsky / backblaze-b2

Node.js Library for the Backblaze B2 Storage Service

MIT License

191 stars 59 forks source link

Latest released version (1.7.0) contains Axios CVE-2023-45857 #133

Open jracabado opened 10 months ago

jracabado commented 10 months ago

The fix has already been merged in master (99b7eb0abff808ac9470a60a39c7f5e22c464b0f), could we get a new NPM release with this?

SnowySailor commented 2 months ago

Bumping this @yakovkhalinsky

Installing with npm install backblaze-b2 will install the version with the vulnerability. You will need to bump the version number to 1.7.1 and npm publish this package again for the vulnerability fix to be available for others.