Hi Team,
We identified a security vulnerability related to axios, which is being pulled through the current serverless version (^4.2.1) used along with serverless-offline.
The older Serverless version internally depends on a vulnerable axios version, which triggers the security finding.
To address this issue, we upgraded serverless from:
^4.2.1 → ^4.31.2
The newer version resolves the axios-related security vulnerability, and after the upgrade, the issue is no longer reported in the dependency scan.
Please let us know if any additional validation or testing is required from our side.
Thanks,
Kishan Talaviya
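One way to confirm from the lockfile which packages bring in axios and whether any installed copy is still below the fixed release, as an added example that is not part of the original post. The lockfile excerpt, the `legacy-tool` package, every axios version number and the `1.8.0` threshold are constructed placeholders; take the real boundary from the scanner's advisory.

```javascript
// Constructed package-lock.json (lockfileVersion 3) excerpt. The axios versions,
// ranges and the "legacy-tool" package are placeholders, not real advisory data.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-service", devDependencies: { serverless: "^4.31.2" } },
    "node_modules/serverless": { version: "4.31.2", dependencies: { axios: "^1.0.0" } },
    "node_modules/axios": { version: "1.9.0" },
    "node_modules/legacy-tool": { version: "2.0.0", dependencies: { axios: "^1.0.0" } },
    "node_modules/legacy-tool/node_modules/axios": { version: "1.2.0" },
  },
};

// True when "x.y.z" `version` is older than `minimum` (pre-release suffix ignored).
function isBelow(version, minimum) {
  const parse = (v) => v.split("-")[0].split(".").map(Number);
  const a = parse(version), b = parse(minimum);
  for (let i = 0; i < 3; i++) {
    if ((a[i] || 0) !== (b[i] || 0)) return (a[i] || 0) < (b[i] || 0);
  }
  return false;
}

// Every installed copy of `name`: where it lives, whose node_modules holds it
// ("(root)" for a hoisted copy), and whether it is older than `minimum`.
function findCopies(lock, name, minimum) {
  const suffix = "node_modules/" + name;
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path !== suffix && !path.endsWith("/" + suffix)) continue;
    const parentPath = path.slice(0, path.length - suffix.length).replace(/\/$/, "");
    const parent = parentPath ? parentPath.split("node_modules/").pop() : "(root)";
    hits.push({ path, version: meta.version, parent, outdated: isBelow(meta.version, minimum) });
  }
  return hits;
}

// Packages that declare `name` as a direct dependency (who is pulling it in).
function dependents(lock, name) {
  return Object.entries(lock.packages || {})
    .filter(([, meta]) => meta.dependencies && name in meta.dependencies)
    .map(([path]) => path.split("node_modules/").pop());
}

console.log("declared by:", dependents(SAMPLE_LOCK, "axios"));
console.log(findCopies(SAMPLE_LOCK, "axios", "1.8.0")); // threshold is a placeholder
```

A nested copy flagged as outdated means another dependency still pins an old axios even after the serverless upgrade, so the check should cover every copy and not only the hoisted one.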