Patch for axios to resolve CVE-2025-58754



  • Hi @admin,

    Components listed below use axios@1.9.0, which has CVE-2025-58754 reported:

    • @jsreport/office@4.1.5

    • @jsreport/nodejs-client@4.0.5

    • @jsreport/jsreport-import-export@4.0.8

    This gets fixed in the axios@1.12.0 patch. Would you be able to tell us if we should expect the patch of these components, or if we should overwrite these components to use axios@1.12.0?

    Thanks in advance!



  • Hi,

    We will update the deps to provide a clean audit report during the next release. As always...

    We don't have a date yet, though.

