Skip to content

[Question] Vulnerability Handling for Axios packages #972

Description

@alexlianides

Currently openapi-generator-cli's package.json has the following minimum versions set for axios packages:

"@nestjs/axios": "^4.0.0",
"axios": "^1.8.4",

https://github.com/OpenAPITools/openapi-generator-cli/blob/9be75d760ce8bd2b1dec103dbf65132f898a6a44/package.json#L82C4-L87C23

However, form-data 4.0.3 has security vulnerabilities and is a child dependency of the axios package, which itself is a child dependency of nestjs/axios.

axios and nestjs/axios resolved these issues by upgrading their packages in the following recent releases:

Can the minimum versions for openapi-generator-cli be updated to the following versions to remove the security vulnerability?

"@nestjs/axios": "^4.0.1",
"axios": "^1.11.0",

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions