backblaze-b2

Latest released version (1.7.0) contains Axios CVE-2023-45857

Open jracabado opened this issue 1 year ago • 1 comments

The fix has already been merged in master (99b7eb0abff808ac9470a60a39c7f5e22c464b0f), could we get a new NPM release with this?

jracabado avatar Jan 03 '24 11:01 jracabado

Bumping this @yakovkhalinsky

Installing with npm install backblaze-b2 will install the version with the vulnerability. You will need to bump the version number to 1.7.1 and npm publish this package again for the vulnerability fix to be available for others.

SnowySailor avatar Sep 13 '24 05:09 SnowySailor

Hello @yakovkhalinsky. The severity of the vulnerabilities has gone from medium to high now. Would really appreciate it if you could make a new release!

hotmailbelike avatar Mar 12 '25 07:03 hotmailbelike

Any chance this trivial thing can be fixed? Literally no brain power needed

Webkadabra avatar May 17 '25 19:05 Webkadabra

Sorry folks. I published 1.7.1 which should fix the vulnerability warnings by updating to the latest version of axios.

I no longer use B2 nor do I have any interest so I'll be removing myself from the repo/npm package from this point on. I'd suggest that if there's anyone willing to take on maintainership and take care of some of the lingering issues/PRs they should ask @yakovkhalinsky to pass the reins!

odensc avatar May 26 '25 21:05 odensc