apisauce

Vulnerability introduced by package follow-redirects

Open ankush-gaba-bluejeans opened this issue 2 years ago • 1 comments

Hi, @skellock @rdewolff, there is a vulnerability introduced in your package apisauce:

ISSUE DESCRIPTION:

A vulnerability, CVE-2022-0536, is introduced in the apisauce package through the dependency axios, which is 0.21.4 and uses the follow-redirects package 1.14.0, which actually has this vulnerability. This vulnerability was patched in version 1.14.9 of follow-redirects.

SUGGESTED SOLUTION:

Need to upgrade the version of axios in apisauce to at least 0.27.2, as axios 0.27.2 is using the 1.14.9 version of follow-redirects, so that the vulnerability is fixed in it.

Thanks for your contributions

Regards, Ankush Gaba

ankush-gaba-bluejeans, Dec 23 '22 05:12

@ankush-gaba-bluejeans Can you please create a PR for it in this project?

pgodha, Jan 06 '23 08:01