The current release of node-red-dashboard (v1.30.2) depends on axios v1.13.2.
Several published CVEs are reported for this version of axios:
These findings are reported by common SBOM and vulnerability management tools.
We are currently preparing products for compliance with the European Cyber Resilience Act (CRA). As part of the CRA requirements, vulnerabilities in software components and transitive dependencies must be assessed and documented. This currently results in multiple findings related to the axios dependency used by the dashboard.
Is there already a plan to update axios to a version that addresses these CVEs?
Any information regarding a planned update or roadmap would be appreciated.