Hello Team,
I have been using Metronic a lot for the majority of my development needs, and it has been a joy all these years.
But recently my employers got a VAPT institution to scan the systems I have built, and most of them, if not all, returned a high-risk issue from one of the packages you referenced and used in your project, which I have stated below.
Axios - Promise based HTTP client for the browser and Node.js.v1.6.8
The above returned the vulnerability stated below as
Vulnerable JavaScript Library (Axios v1.6.5) with known CVEs
As such, there is a need for this library to be updated to at least v1.10.0 or later to fix this vulnerability. Any way forward? It seems this is embedded with your main JS file.
Kindly assist with advice on a solution please.
Hi,
You can just update Axios in your package.json and update the Axios version safely. In the recent Metronic v8.3.1 and v9.2.1 we have updated the Axios version to the latest version. You can get the latest Metronic versions from themeforest.net/downloads zip.
Regards,
Sean
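
Added example, not part of the original thread and not Metronic or Axios project code: a small check for confirming that a built JS bundle no longer ships an Axios copy older than the v1.10.0 minimum named above. It assumes the bundle keeps a version banner in one of the two forms quoted in the question; `SAMPLE_BUNDLE`, `findAxiosVersions` and `auditBundle` are names made up for this sketch.

```javascript
// Added example, not Metronic or Axios project code.
// Assumption: the bundle keeps a version banner in one of the two forms quoted
// in the thread ("Axios v1.6.5", "Axios - Promise based ... Node.js.v1.6.8").
const MIN_VERSION = '1.10.0'; // minimum version stated in the thread

// Constructed sample standing in for a built bundle file.
const SAMPLE_BUNDLE = [
  '/*! Axios v1.6.8 (constructed banner) */',
  '!function(){/* minified library code */}();',
  '/* Axios - Promise based HTTP client for the browser and Node.js.v1.10.0 */',
].join('\n');

// Numeric comparison per component: as strings, "1.6.8" sorts after "1.10.0".
function isBelow(a, b) {
  const x = a.split('.').map(Number);
  const y = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] < y[i];
  }
  return false;
}

// Collect every distinct version that follows "Axios" on the same line.
function findAxiosVersions(text) {
  const re = /axios\b[^\n]{0,80}?\bv(\d+\.\d+\.\d+)/gi;
  return [...new Set([...text.matchAll(re)].map((m) => m[1]))];
}

// Report which embedded copies are older than the required minimum.
// ok is false when no banner is found: a stripped banner proves nothing.
function auditBundle(text, min = MIN_VERSION) {
  const found = findAxiosVersions(text);
  const outdated = found.filter((v) => isBelow(v, min));
  return { found, outdated, ok: found.length > 0 && outdated.length === 0 };
}

console.log(auditBundle(SAMPLE_BUNDLE));
```

Run it against the contents of the file the scanner flagged after bumping `package.json` and rebuilding; a bundle that was not regenerated will still report the old version.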