security issue in dependency #1171
Comments
Issue is related to the Axios SSRF vulnerability. Here are more details on that: https://security.snyk.io/vuln/SNYK-JS-AXIOS-7361793
We are also facing issues in our Audit pipeline too. Is there a fix planned?
We need to wait for this PR to merge.
Thanks 😃
PR already merged 😀
Yup, but they need to release it as V1.7.4. I assumed that would happen after the merge, but it seems like there are issues with it, because it changes the way some things are handled (not spec compliant, I believe). But they are working on a fix. axios/axios#6463 (comment). axios/axios#6539 (comment). Once 1.7.4 the bot will automatically update it. (I think)
Is there an existing issue for this?
Current behavior
Performing npm audit returns security issue inside axios.
Minimum reproduction code
GHSA-8hc4-vh64-cxmj
Steps to reproduce
npm audit
npm audit fix
npm audit
Expected behavior
npm audit | grep "found 0 vulnerabilities"
Package version
3.0.2
NestJS version
10.4.0
Node.js version
20.12.2
In which operating systems have you tested?
Other
VSCode devcontainer running Oracle Linux 8
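The expected-behavior check above greps npm's human-readable summary. As an added example (not part of the issue or the project's code), the function below reads an `npm audit --json` report instead and lists every package whose finding traces back to GHSA-8hc4-vh64-cxmj, including packages exposed only through a dependency. The sample report is constructed, and `example-http-wrapper` is a made-up package name.

```javascript
'use strict';

const ADVISORY_ID = 'GHSA-8hc4-vh64-cxmj'; // advisory quoted in the issue

// Constructed sample in the shape of npm's audit report (auditReportVersion 2).
// The severity values and the package name example-http-wrapper are made up.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    axios: {
      name: 'axios',
      severity: 'high',
      isDirect: false,
      via: [{ name: 'axios', url: `https://github.com/advisories/${ADVISORY_ID}` }],
      effects: ['example-http-wrapper'],
      nodes: ['node_modules/axios'],
      fixAvailable: false,
    },
    'example-http-wrapper': {
      name: 'example-http-wrapper',
      severity: 'high',
      isDirect: true,
      via: ['axios'], // string entry: affected only through another package
      effects: [],
      nodes: ['node_modules/example-http-wrapper'],
      fixAvailable: false,
    },
  },
};

// Return every package whose finding traces back to the given advisory.
// Object entries in `via` name an advisory directly; string entries point at
// another vulnerable package and are followed (with a visited set for cycles).
function findAdvisory(report, advisoryId) {
  const vulns = report.vulnerabilities || {};
  const traces = (name, visited) => {
    if (visited.has(name) || !vulns[name]) return false;
    visited.add(name);
    return (vulns[name].via || []).some((v) =>
      typeof v === 'string'
        ? traces(v, visited)
        : String(v.url || '').endsWith('/' + advisoryId));
  };
  return Object.keys(vulns)
    .filter((name) => traces(name, new Set()))
    .map((name) => ({
      name,
      direct: Boolean(vulns[name].isDirect),
      nodes: vulns[name].nodes || [],
      fixAvailable: vulns[name].fixAvailable !== false, // false means no fixed release to move to
    }));
}
```

A pipeline step can feed it the parsed output of `npm audit --json` and fail only while the returned list is non-empty, which keeps the gate tied to this advisory rather than to the wording of the summary line.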