Upgrade axios dependency because of high vulnerability #21

@YounesZADI

Hello,
Hope you are doing,

This is an issue to upgrade axios to the latest version, as the current version "0.21.1" has a high vulnerability (Cross-Site Request Forgery Vulnerability).
PS: there is already a Dependabot PR.

Love to help on this if needed,
Thanks

```
npm audit
# npm audit report

axios  <=0.29.0
Severity: high
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL - https://github.com/advisories/GHSA-jr5f-v2jv-69x6
fix available via `npm audit fix --force`
Will install @socketlabs/email@1.1.1, which is a breaking change
node_modules/@socketlabs/email/node_modules/axios
  @socketlabs/email  >=1.2.1
  Depends on vulnerable versions of axios
  node_modules/@socketlabs/email

2 high severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force
```
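Added example, not part of the original post or the project's code: a triage helper that reads an `npm audit --json` report and lists root-cause findings whose only offered fix is a breaking change, as with the forced install of @socketlabs/email@1.1.1 above. The sample report is constructed to mirror the text report in this issue, and the function names `describeFix`, `triage` and `needsReview` are hypothetical.

```javascript
// Constructed sample in the shape of `npm audit --json` (auditReportVersion 2),
// mirroring the report in the issue above. Not captured tool output.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    axios: {
      name: "axios", severity: "high", isDirect: false, range: "<=0.29.0",
      via: [
        { title: "Axios Cross-Site Request Forgery Vulnerability",
          url: "https://github.com/advisories/GHSA-wf5p-g6vw-rhxx" },
        { title: "axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL",
          url: "https://github.com/advisories/GHSA-jr5f-v2jv-69x6" },
      ],
      effects: ["@socketlabs/email"], nodes: ["node_modules/@socketlabs/email/node_modules/axios"],
      fixAvailable: { name: "@socketlabs/email", version: "1.1.1", isSemVerMajor: true },
    },
    "@socketlabs/email": {
      name: "@socketlabs/email", severity: "high", isDirect: true, range: ">=1.2.1",
      via: ["axios"], effects: [], nodes: ["node_modules/@socketlabs/email"],
      fixAvailable: { name: "@socketlabs/email", version: "1.1.1", isSemVerMajor: true },
    },
  },
};

// Describe the offered fix: fixAvailable is false, true, or an object.
function describeFix(fix) {
  if (fix === false) return "none";
  if (fix === true) return "non-breaking";
  return `${fix.isSemVerMajor ? "breaking" : "non-breaking"}: ${fix.name}@${fix.version}`;
}

// Keep root-cause packages only: their `via` holds advisory objects, while
// packages that merely depend on them list package names (strings) instead.
function triage(report) {
  return Object.values(report.vulnerabilities || {})
    .map((v) => ({ v, advisories: v.via.filter((x) => typeof x === "object") }))
    .filter(({ advisories }) => advisories.length > 0)
    .map(({ v, advisories }) => ({
      package: v.name, severity: v.severity, range: v.range,
      advisories: advisories.map((a) => a.url),
      pulledInBy: v.effects, paths: v.nodes, fix: describeFix(v.fixAvailable),
    }));
}

// Findings a plain `npm audit fix` will not resolve; these need a human decision.
function needsReview(report) {
  return triage(report).filter((f) => !f.fix.startsWith("non-breaking"));
}
console.log(JSON.stringify(needsReview(sampleReport), null, 2));
```

In CI the same functions can be fed the parsed output of `npm audit --json` in place of the constructed sample.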
