[Bug]: openai-node outdated

Open stephane-martin opened this issue 1 year ago • 3 comments

Opencommit Version

1.0.2

Node Version

18.17.1

NPM Version

9.6.7

What OS are you seeing the problem on?

Other Linux Distro

What happened?

  • opencommit requires openai "^3.2.1".
  • which requires axios "^0.26.0".
  • axios < 1.6.0 is subject to CVE-2023-45857.
  • (which makes dependabot protest in projects including opencommit)

Expected Behavior

up to date openai-node dependency

Current Behavior

dependabot reports outdated axios

Possible Solution

update openai-node to v4.17.x

Steps to Reproduce

N/A

Relevant log output

axios >= 0.8.1, < 1.6.0
An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.

stephane-martin avatar Nov 13 '23 23:11 stephane-martin
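
Added example, not part of the issue or of the opencommit project: a Node.js check that walks an npm lockfile (`packages` layout of lockfileVersion 2/3) and reports which package pulls in an axios copy inside the range quoted above (>= 0.8.1, < 1.6.0). The lockfile contents are a constructed sample; the function names are hypothetical.

```javascript
// Flag installed axios copies in the range quoted in the issue: >= 0.8.1, < 1.6.0.
const AFFECTED = { min: [0, 8, 1], below: [1, 6, 0] };
const parse = (v) => v.split(/[-+]/)[0].split('.').map(Number);
const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];

function isAffected(version) {
  const v = parse(version);
  return cmp(v, AFFECTED.min) >= 0 && cmp(v, AFFECTED.below) < 0;
}

// Find the copy of `name` that a package installed at `fromPath` resolves to,
// walking up nested node_modules directories the way Node does.
function resolve(packages, fromPath, name) {
  let dir = fromPath;
  for (;;) {
    const candidate = (dir ? dir + '/' : '') + 'node_modules/' + name;
    if (packages[candidate]) return candidate;
    if (!dir) return null;
    const i = dir.lastIndexOf('/node_modules/');
    dir = i === -1 ? '' : dir.slice(0, i);
  }
}

function findAffectedAxios(lock) {
  const findings = [];
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    const range = pkg.dependencies && pkg.dependencies.axios;
    if (!range) continue;
    const at = resolve(lock.packages, path, 'axios');
    if (!at || !isAffected(lock.packages[at].version)) continue;
    findings.push({ requiredBy: path || '(root)', range, installed: lock.packages[at].version, at });
  }
  return findings;
}

// Constructed sample: the root project already uses a fixed axios, but the
// openai dependency of opencommit still gets its own nested, older copy.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { dependencies: { opencommit: '^1.0.2', axios: '^1.6.0' } },
    'node_modules/axios': { version: '1.6.2' },
    'node_modules/opencommit': { version: '1.0.2', dependencies: { openai: '^3.2.1' } },
    'node_modules/openai': { version: '3.2.1', dependencies: { axios: '^0.26.0' } },
    'node_modules/openai/node_modules/axios': { version: '0.26.1' },
  },
};
console.log(findAffectedAxios(SAMPLE_LOCK));
```

To run it against a real project, pass the parsed `package-lock.json` to `findAffectedAxios` instead of the sample object.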

Stale issue message

github-actions[bot] avatar Dec 24 '23 21:12 github-actions[bot]

reopening, will take a look at this

di-sukharev avatar Feb 28 '24 06:02 di-sukharev

@stephane-martin please update to the latest npm i -g opencommit@latest version and close the issue if it's not bothering anymore

di-sukharev avatar Mar 03 '24 11:03 di-sukharev