Skip to content

fix(deps): update axios to ^1.0.0 and uuid to ^11.0.0 to fix multiple CVEs#1

Open
sstremovsky wants to merge 1 commit into
securitybunker:mainfrom
sstremovsky:fix/security-deps-20260609
Open

fix(deps): update axios to ^1.0.0 and uuid to ^11.0.0 to fix multiple CVEs#1
sstremovsky wants to merge 1 commit into
securitybunker:mainfrom
sstremovsky:fix/security-deps-20260609

Conversation

@sstremovsky

Copy link
Copy Markdown

Security Dependency Updates

Resolves Dependabot security alerts by updating package.json version constraints.

Packages updated

  • axios: ^0.21.1 → ^1.0.0 (CVEs: SSRF, ReDoS, prototype pollution, credential leak, header injection)
  • uuid: ^8.3.2 → ^11.0.0 (CVE: missing buffer bounds check)

Notes

After merging, run npm install to regenerate package-lock.json with the updated versions.

See the Dependabot alerts in the Security tab for full CVE details.


🤖 Generated with Claude Code

@CLAassistant

Copy link
Copy Markdown

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

Packages updated:
- axios: ^0.21.1 → ^1.0.0 (CVEs: SSRF, ReDoS, prototype pollution, credential leak, header injection)
- uuid: ^8.3.2 → ^11.0.0 (CVE: missing buffer bounds check)

Fixes Dependabot security alerts.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants