Boggs_Daniel | 2023-11-10 14:54:35 UTC | #1
As of purecloud-platform-client-v2 version 181.0.0, I see the following npm security vulnerability report:
```
> npm audit
# npm audit report

axios 0.8.1 - 1.5.1
Severity: moderate
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
fix available via `npm audit fix --force`
Will install purecloud-platform-client-v2@137.0.1, which is a breaking change
node_modules/purecloud-platform-client-v2/node_modules/axios
  purecloud-platform-client-v2 >=137.1.0
  Depends on vulnerable versions of axios
  node_modules/purecloud-platform-client-v2

2 moderate severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force
Process terminated with code 1.
```
See https://github.com/advisories/GHSA-wf5p-g6vw-rhxx.
tim.smith | 2023-11-10 15:36:21 UTC | #2
@Boggs_Daniel the fix for this is in process and should be released soon. As a workaround for now, I believe you should be able to simply force install the updated axios version in your project using the suggested command above, or manually like `npm i axios@1.6.1 --force`, or however your environment manages packages. I've updated a few other projects I use that were using axios (not with the SDK) and there weren't any changes to its API.
Declan_ginty | 2023-11-14 11:43:40 UTC | #3
Hi @Boggs_Daniel
A new version of the JavaScript SDK has been released, 182.0.0 with the latest version of axios.
Regards, Declan
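Added example, not part of any post in this thread and not the SDK's own code: after forcing an axios update or upgrading the SDK, this check lists every axios copy recorded in a `package-lock.json` (lockfileVersion 2 or 3) that still falls in the advisory range `0.8.1 - 1.5.1` from the audit output, including nested copies such as the one under `node_modules/purecloud-platform-client-v2/node_modules/axios`. The function names and the sample lockfile are assumptions made up for illustration.

```javascript
// Affected range as printed by npm audit in this thread: axios 0.8.1 - 1.5.1
const RANGE = { min: [0, 8, 1], max: [1, 5, 1] };

// Parse "1.5.1" into [1, 5, 1]; returns null when there is no x.y.z prefix.
// Simplification: pre-release tags ("-beta.1") are ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1, 4).map(Number) : null;
}

// Three-part numeric comparison: -1, 0 or 1.
function cmp(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function inRange(version) {
  const v = parseVersion(version);
  return v !== null && cmp(v, RANGE.min) >= 0 && cmp(v, RANGE.max) <= 0;
}

// lock: a parsed package-lock.json. Keys of lock.packages are install paths,
// so a nested copy shows up as ".../node_modules/<parent>/node_modules/axios".
function findVulnerableAxios(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!/(^|\/)node_modules\/axios$/.test(path)) continue; // axios itself only
    if (inRange(meta.version)) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Constructed sample lockfile (versions are illustrative, not from the thread):
// a patched top-level axios next to an older copy nested under the SDK.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/axios": { version: "1.6.1" },
    "node_modules/purecloud-platform-client-v2": { version: "181.0.0" },
    "node_modules/purecloud-platform-client-v2/node_modules/axios": { version: "1.5.1" },
  },
};

// To check a real project, pass JSON.parse(<contents of package-lock.json>) instead.
for (const hit of findVulnerableAxios(SAMPLE_LOCK)) {
  console.log(`axios ${hit.version} in advisory range at ${hit.path}`);
}
```

An empty result means no axios copy recorded in the lockfile is in the advisory range; `npm audit` remains the authoritative check.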