DataDog/serverless-plugin-datadog

CVE in version of Axios

psinglet opened this issue · 1 comments

Expected Behavior

No CVEs returned in Scans

Actual Behavior

Issues with no direct upgrade or patch:
✗ Cross-site Request Forgery (CSRF) [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459] in axios@0.21.4
introduced by serverless-plugin-datadog@5.51.0 > @datadog/datadog-ci@2.23.0 > axios@0.21.4

Steps to Reproduce the Problem

Scan with Snyk

Specifications

  • Serverless Framework version:
  • Datadog Serverless Plugin version:
  • Lambda function runtime (Python 3.7, Node 10, etc.):

Stacktrace

Paste here

Dupe of #436, the upstream dependency was just released so we can do a release of this today.