Package requires a security update

Question

plamber opened this issue 5 months ago · 2 comments

We recently upgraded to the latest version 1.17.0 and we receive a high severity vulnerability caused by axios.

Server-Side Request Forgery in axios - GHSA-8hc4-vh64-cxmj

Would it be possible to update the package with the hotfixes?

Thank you

Answer 1 · 2024-08-13T15:48:47.000Z

This advisory says that a vulnerability still exists and isn't resolved until axios 1.7.3

Answer 2 · 2024-08-15T03:28:34.000Z

🎉 This issue has been resolved in version 1.17.6 🎉

The release is available on:

Your semantic-release bot 📦🚀