[Vulnerability] patch axios vulnerability CVE 2023 45857
Problem
Issue Summary
Current version of axios used by the library has a vulnerability. https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
I see a few PRs open for this already, but it is not being addressed.
https://github.com/twilio/twilio-node/pull/971
https://github.com/twilio/twilio-node/pull/970

Steps to Reproduce
1. Install latest twilio-node dependency
2. Run snyk/github security scan

Code Snippet
[code block]

Exception/Log
[code block]

Technical details:
twilio-node version: 4.8.1
node version: v18.16.0
1 Fix
Solution: [Vulnerability] patch axios vulnerability CVE 2023 45857
Upgrading to the latest version of `axios` or moving to use `fetch` API built into Node 18+ has its own benefits. Node 14 & 16 are both end of life releases. Removing `axios` and using `fetch` instead means one less package to depend on, have potential security issues from, etc.
Validation
Resolved in twilio/twilio-node GitHub issue #973. Community reactions: 2 upvotes.
Submitted by
Alex Chen
2450 rep
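Added example (not code from the issue or from twilio-node): a scanner keeps flagging `axios` when the copy it finds is the one nested under `twilio`, even if the application's own `axios` is current. The script below walks the `packages` map of a lockfileVersion 2/3 `package-lock.json` and reports each installed `axios` copy and which package resolves to it. The sample lockfile, the name `my-app`, the axios version numbers and `FIXED_IN` are constructed placeholders; take the real fixed version from the advisory.

```javascript
// Added example: sample data is constructed, not taken from a real install.
const FIXED_IN = "2.0.0"; // placeholder, NOT the real fixed axios version
const sampleLock = { // constructed package-lock.json, lockfileVersion 2/3 layout
  packages: {
    "": { name: "my-app", dependencies: { twilio: "^4.8.1", axios: "^2.1.0" } },
    "node_modules/axios": { version: "2.1.0" },
    "node_modules/twilio": { version: "4.8.1", dependencies: { axios: "^1.0.0" } },
    "node_modules/twilio/node_modules/axios": { version: "1.0.0" },
  },
};

// Compare major.minor.patch only; pre-release tags are ignored.
function compareVersions(a, b) {
  const [pa, pb] = [a, b].map((v) => String(v || "0").split("-")[0].split(".").map(Number));
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Mimic Node resolution: own node_modules first, then walk up to the root.
function resolveFrom(packages, fromPath, name) {
  for (let base = fromPath; ; ) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const i = base.lastIndexOf("node_modules/");
    base = i <= 0 ? "" : base.slice(0, i - 1);
  }
}

// List every installed axios copy, who resolves to it, and whether it is old.
function auditAxios(lock, fixedIn) {
  const packages = lock.packages || {};
  const copies = new Map();
  for (const [path, meta] of Object.entries(packages)) {
    if (path === "node_modules/axios" || path.endsWith("/node_modules/axios")) {
      copies.set(path, { path, version: meta.version, requiredBy: [],
        belowFixed: compareVersions(meta.version, fixedIn) < 0 });
    }
  }
  for (const [path, meta] of Object.entries(packages)) {
    const deps = { ...meta.dependencies, ...meta.optionalDependencies };
    const hit = "axios" in deps ? resolveFrom(packages, path, "axios") : null;
    if (hit) copies.get(hit).requiredBy.push(path.split("node_modules/").pop() || meta.name || "(root)");
  }
  return [...copies.values()];
}
console.log(JSON.stringify(auditAxios(sampleLock, FIXED_IN), null, 2));
```

To run it against a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` in place of `sampleLock`.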