This request is to bump the version of Axios used by this package from 1.7.9 to the current latest, 1.15.2 or newer. We prefer not to use overrides in package.json to do this, so I'm opening an issue to request this.
At my present company, we are including this package as a production dependency on an API running on Node. The project is also being scanned by the security tool Wiz.io, which is flagging our lockfile as having vulnerabilities because Plaid pulls in this older version of Axios. The CVEs we are being flagged for are listed in the table below.
Referenced code:
https://github.com/plaid/plaid-node/blob/master/package-lock.json#L119-L120
https://github.com/plaid/plaid-node/blob/master/package.json#L22-L24