Upgrade axios version (1.6.8) due an open vulnerailtity [CVE-2024-39338] for 5.0.0 releaese version. #281

0zymandia5 · 2024-08-12T17:28:54Z

Steps to reproduce : Run mend scan
Expected behavior : No vulnerabilities being opened due the dependency of axios version
Actual behavior : Vulnerability got opened; https://www.mend.io/vulnerability-database/CVE-2024-39338
Node version: 18.17.1
SDK version: 5.0.0

dpopp07 · 2024-08-12T17:52:15Z

Thanks - I will open a PR to fix today

ibm-devx-sdk · 2024-08-14T14:19:01Z

🎉 This issue has been resolved in version 5.0.1 🎉

The release is available on:

Your semantic-release bot 📦🚀

dpopp07 mentioned this issue Aug 12, 2024

fix(deps): update axios to resolve vulnerability #282

Merged

dpopp07 closed this as completed in #282 Aug 12, 2024

ibm-devx-sdk added the released label Aug 14, 2024

Provide feedback