Skip to content
This repository has been archived by the owner on Jul 25, 2024. It is now read-only.

Vulnarability in axios #16

Closed
Mwandia opened this issue Nov 11, 2022 · 1 comment
Closed

Vulnarability in axios #16

Mwandia opened this issue Nov 11, 2022 · 1 comment

Comments

@Mwandia
Copy link

Mwandia commented Nov 11, 2022
edited
Loading

Axios version 0.19.2 has a vulnarability to SSRF as described further in PR #3410 on the axios repo.

Motivation

This is a severe vulnarability, the dependabot has attempted to update the package in PR #4 but the several tests failed in the build pipelines

Contribution

I can manually update axios package version to the lowest version that has the vulnarability patched. Also by changing some tests to handle current response formats from africastalking APIs. For example:

  • Token: test 'generates auth token' expects result to contain key 'lifetimeInSeconds' but this is not part of response
@Mwandia Mwandia changed the title Severe vulnarability in axios Vulnarability in axios Nov 11, 2022
@tawn33y
Copy link
Owner

tawn33y commented Jul 25, 2024

Closing - please read more here.

@tawn33y tawn33y closed this as completed Jul 25, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tawn33y @Mwandia