npm audit fails with security vulnerability for dependent axios 1.8.2 #3599
Replies: 2 comments
I fixed my repo by adding overrides for axios.
We seem to already be on 1.8.2 - try updating as 0.8 is pretty old, we are on 0.11 now.
┌─────────────────────┬────────────────────────────────────────────────────────┐
│ high │ axios Requests Vulnerable To Possible SSRF and │
│ │ Credential Leakage via Absolute URL │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Package │ axios │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Vulnerable versions │ <1.8.2 │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Patched versions │ >=1.8.2 │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Paths │ apps\my-demo-app > │
│ │ @module-federation/enhanced@0.8.11 > │
│ │ @module-federation/dts-plugin@0.8.11 > axios@1.7.9 │
│ │ │
│ │ apps\my-demo-app > │
│ │ @module-federation/enhanced@0.8.11 > │
│ │ @module-federation/manifest@0.8.11 > │
│ │ @module-federation/dts-plugin@0.8.11 > axios@1.7.9 │
│ │ │
│ │ apps\my-demo-app > │
│ │ @module-federation/enhanced@0.8.11 > │
│ │ @module-federation/rspack@0.8.11 > │
│ │ @module-federation/dts-plugin@0.8.11 > axios@1.7.9 │
│ │ │
│ │ ... Found 4 paths, run `pnpm why axios` for more │
│ │ information │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ More info │ GHSA-jr5f-v2jv-69x6 │
└─────────────────────┴────────────────────────────────────────────────────────┘
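The first reply mentions fixing the finding with an override for axios but does not show it. The fragment below is an added example, not the commenter's or the project's own configuration: a pnpm override in the workspace root `package.json`, scoped to the `@module-federation/dts-plugin` parent that every path in the audit output runs through, pinning axios into the patched range (`>=1.8.2`). The package name, version and the `//` comment key are constructed placeholders.

```json
{
  "//": "Constructed example: name and version are placeholders, not from the thread",
  "name": "workspace-root",
  "version": "0.0.0",
  "private": true,
  "pnpm": {
    "overrides": {
      "@module-federation/dts-plugin>axios": "^1.8.2"
    }
  }
}
```

After reinstalling, `pnpm why axios` should list no axios version below 1.8.2 under `@module-federation/dts-plugin`. The override can be removed once the project is on a `@module-federation` release that already depends on a patched axios, as the second reply suggests.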