Use of axios lower than 1.6.0 results in CVE-2023-45857

[andyedwardsibm]

This module is using axois@^0.25.0

logger-node/package.json

Line 109 in 87463cb

"axios": "^0.25.0",

This makes it vulnerable to CVE-2023-45857:

• https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
• CVE-2023-45857 (CWE-359) XSRF-TOKEN value is disclosed to an unauthorised actor axios/axios#6006

Moving to at least 1.6.0 resolves the CVE

[darinspivey]

Thanks for reporting this, @andyedwardsibm . This showed up in our security scans as well, and the notifications for that system have been made louder so we're aware of issues moving forward.

[logdnabot]

🎉 This issue has been resolved in version 2.6.8 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀