axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL

[AntonioVentilii]

Hi,

This is similar to what peterpeterparker reported in August 2024 with #443 .

I'm opening this issue to point out that npm audit is currently reporting a vulnerability with the alchemy-sdk-js, which is related to the inherited dependency axios. It would be great if you could bump the version to fix the security warning.

axios <1.8.2
Severity: high
axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL - GHSA-jr5f-v2jv-69x6
fix available via npm audit fix
node_modules/axios

[AntonioVentilii]

@thebrianchen may you please have a look here? It would really help our development

[AntonioVentilii]

Being solved by:

• Bump axios version #490

[AntonioVentilii]

SahilAujla

[AntonioVentilii]

@thebrianchen @stanleyjones @vahnag I see that you are actually active at some level (PRs being reviewed and merged). May please please please please somebody have a real look at this topics? All of them are quite relevant to this library

[AntonioVentilii]

And now another vulnerability issue!

Please update axios!!!

[AntonioVentilii]

@stanleyjones @noam-alchemy somebody? please

[SahilAujla]

@AntonioVentilii this is fixed in #537 and #538 going to publish a new version of package soon!

[AntonioVentilii]

Thank you @SahilAujla !!!