tl;dr - wait-on dependency needs to be updated to update the axios sub-dependency version
Describe the bug
Nested dependency axios needs to be updated for CVE-2023-45857 (axios/axios#6006); this is fixed in axios.
This dependency appears to stem from the wait-on package, which has since been updated to fix this: jeffbski/wait-on#147
Expected outcome
Update wait-on dependency to v7.2.0+
Fixed in 6.0.0 (Jun 23, 2022), latest version 7.0.0 (Oct 27, 2023).
Complete audit report:
axios 0.8.1 - 1.5.1
Severity: moderate
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
fix available via `npm audit fix --force`
Will install @azure/static-web-apps-cli@0.2.1, which is a breaking change
node_modules/axios
wait-on 5.0.0-rc.0 - 7.1.0
Depends on vulnerable versions of axios
node_modules/wait-on
@azure/static-web-apps-cli >=0.3.0
Depends on vulnerable versions of update-notifier
Depends on vulnerable versions of wait-on
node_modules/@azure/static-web-apps-cli
got <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
fix available via `npm audit fix --force`
Will install @azure/static-web-apps-cli@0.2.1, which is a breaking change
node_modules/got
package-json <=6.5.0
Depends on vulnerable versions of got
node_modules/package-json
latest-version 0.2.0 - 5.1.0
Depends on vulnerable versions of package-json
node_modules/latest-version
update-notifier 0.2.0 - 5.1.0
Depends on vulnerable versions of latest-version
node_modules/update-notifier