Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Axios version update #1820

Closed
j-luong opened this issue Jan 14, 2021 · 1 comment · Fixed by #1822
Closed

Axios version update #1820

j-luong opened this issue Jan 14, 2021 · 1 comment · Fixed by #1822

Comments

@j-luong
Copy link

j-luong commented Jan 14, 2021

Description
Currently our team is using opentelemetry/exporter-collector, and our security audit is flagging this package as a high security vulnerability due to the axios version it uses:

│ high │ Server-Side Request Forgery │
│ Package │ axios │
│ Patched in │ >=0.21.1 │
│ Dependency of │ @opentelemetry/exporter-collector |
│ Path │ @opentelemetry/exporter-collector > axios |
│ More info │ https://www.npmjs.com/advisories/1594 |

I was hoping to get a timeframe on if/when this can be updated.
I've searched for any related issues and avoided creating a duplicate issue.
@dyladan
Copy link
Member

dyladan commented Jan 14, 2021

Turns out the dependency isn't even used. I'll remove it today

@dyladan dyladan mentioned this issue Jan 14, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

chore: remove unused dependency dynatrace-oss-contrib/opentelemetry-js
2 participants
@dyladan @j-luong