Describe the security issue
Our Snyk security scanning has indicated that the Axios dependency used in the logzio-nodejs package has some critical severity CVEs and is blocking our merge/deployment pipeline.
We are using logzio-nodejs@^2.1.5. This issue is still present in logzio-nodejs as of 2.5.0, however (logzio-nodejs/package.json, line 53 in 8fc36df).
I wasn't sure if your team had been made aware of this yet. The vulnerabilities are quite new, and your open PRs show an update to Axios ^1.15.0 (#147), but both CVEs were fixed with Axios 1.15.1.
I'll attach the Snyk reports on them here, for your review.
https://security.snyk.io/vuln/SNYK-JS-AXIOS-16299904
https://security.snyk.io/vuln/SNYK-JS-AXIOS-16298058
Please let me know if I can provide any more information.
Additional context
No response