Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vulnerability: axios (npm) #83

Open
WilliamHolmes opened this issue Nov 14, 2023 · 5 comments
Open

Vulnerability: axios (npm) #83

WilliamHolmes opened this issue Nov 14, 2023 · 5 comments

Comments

@WilliamHolmes
Copy link

A vulnerable version of the axios package is being included by cldr-data-downloader

https://www.cve.org/CVERecord?id=CVE-2023-45857

│ └─┬ [email protected]
│   └─┬ [email protected]
│     └── [email protected]
@gan0928
Copy link

gan0928 commented Jan 12, 2024

Any update?

@WilliamHolmes
Copy link
Author

I guess there's a dependency on this ticket

@acofer
Copy link

acofer commented Oct 2, 2024

#85 would fix it, opened two weeks ago. Any maintainers around to let us know if that can be merged?

@neginkheradmandian
Copy link

  • update cldr-data to last version
  • update cldr-data-downlaoder to last version
  • add
"overrides": {
   "axios": "latest"
 },

to package.json resolve this issue for me

@jpshaw45
Copy link

jpshaw45 commented Feb 3, 2025

When can we expect this release(#85) to be available?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@acofer @WilliamHolmes @neginkheradmandian @gan0928 @jpshaw45