@reservoir0x/reservoir-sdk depends on vulnerable versions of axios

[FrancoAguzzi]

After running npm audit in my project, the following vulnerability was raised:

I am using these lib's version:

  "@reservoir0x/reservoir-kit-ui": "1.22.0",
  "@reservoir0x/reservoir-sdk": "1.12.3",

Does the team have any plan on acting on this so lib's source code does not rely on a vulnerable external lib version?

[pedromcunha]

Hi, did this get patched in axios yet? Once it is we'll upgrade axios to the version that has the patch.

Edit:
Looks like we're on a pretty old version of axios, going to upgrade this to fix any security vulnerabilities that have already been patched by axios. Should have something within a few days. Thank you for bringing this up.

[FrancoAguzzi]

Hi @pedromcunha, I assume so! axios/axios#6022 (comment)

And I feel happy that this collaborated with your tech evolution, yw 😃👍🏼

[pedromcunha]

Alright, the patch is out in the latest release, let me know if you run into any issues and happy coding!

[FrancoAguzzi]

Audit is not anymore triggering warnings and application's build ran perfectly. Thanks a lot, @pedromcunha 😊🙏🏼