Skip to content
This repository has been archived by the owner on Jul 17, 2024. It is now read-only.

Security warnings when installing sdk #18

Open
rameshvenk opened this issue May 8, 2023 · 2 comments
Open

Security warnings when installing sdk #18

rameshvenk opened this issue May 8, 2023 · 2 comments

Comments

@rameshvenk
Copy link

The following security warnings were produced when installing the sdk. Please review and fix as appropriate.

# npm audit report

axios  <=0.21.1
Severity: high
Axios vulnerable to Server-Side Request Forgery - https://github.com/advisories/GHSA-4w2v-q235-vp99
axios Inefficient Regular Expression Complexity vulnerability - https://github.com/advisories/GHSA-cph5-m8f7-6c5x
Depends on vulnerable versions of follow-redirects
No fix available
node_modules/axios
  f5-sdk-js  *
  Depends on vulnerable versions of axios
  node_modules/f5-sdk-js

follow-redirects  <=1.14.7
Severity: high
Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects - https://github.com/advisories/GHSA-pw2r-vq6v-hr8c
Exposure of sensitive information in follow-redirects - https://github.com/advisories/GHSA-74fj-2j2h-c42q
No fix available
node_modules/follow-redirects

3 vulnerabilities (1 moderate, 2 high)

Some issues need review, and may require choosing
a different dependency.
@DumpySquare
Copy link
Member

@rameshvenk , depending on what your trying to accomplish, this project may also serve your needs.
https://github.com/f5devcentral/f5-conx-core

@rameshvenk
Copy link
Author

@DumpySquare Thank you. I was trying to use the sdk as part of some automation testing. I will try with the new repo details that you have provided.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@DumpySquare @rameshvenk