
Outdated Axios Version #69

@jeanmarc5592

Description

Hi Brevo team 👋

Issue

When installing @getbrevo/brevo@3.0.1, the package pulls in axios via:

"dependencies": {
  "axios": "^1.6.8"
}

This currently resolves to axios@1.11.0 in most setups.

However, recent security scans (e.g. Trivy) report the following issue:

• Library: axios
• Vulnerability: CVE-2025-58754
• Severity: HIGH
• Fixed in: 1.12.0

Suggested fix

Because ^1.6.8 allows anything <2.0.0, the fix is simple:

"axios": "^1.12.0"

This ensures that new installs won’t pin vulnerable versions of axios and keeps Trivy and other scanners green without requiring manual resolutions/overrides inside the package.json.

If there aren't any complaints from your side, I could open a PR for that :)
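The two checks a maintainer would want before and after such a bump, as an added example that is not part of the issue or of the @getbrevo/brevo code base: does a caret range still admit a version below the fix, and does a committed package-lock.json still carry a copy of the package below that fix (a stale lockfile keeps the old nested copy even after the range in package.json is raised, until `npm update` or `npm dedupe` rewrites it). Dependency-free; the lockfile object below is constructed for the example, and the only facts taken from the issue are the range `^1.6.8` and the fix version 1.12.0.

```javascript
// Added example, not code from @getbrevo/brevo. Minimal semver handling:
// plain x.y.z only, no prerelease or build tags.

function parseSemver(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)$/.exec(v.trim());
  if (!m) throw new Error(`not a plain x.y.z version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Numeric, component-wise comparison. A string compare would rank
// "1.9.0" above "1.11.0", which is exactly the mistake that hides a fix.
function compareSemver(a, b) {
  const pa = parseSemver(a), pb = parseSemver(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Caret semantics as npm applies them: lower bound is the version itself,
// upper bound is the next bump of the left-most non-zero component.
// ^1.6.8 -> >=1.6.8 <2.0.0, ^0.2.3 -> >=0.2.3 <0.3.0, ^0.0.4 -> >=0.0.4 <0.0.5
function caretBounds(range) {
  if (!range.startsWith("^")) throw new Error(`only caret ranges supported: ${range}`);
  const min = range.slice(1);
  const [major, minor, patch] = parseSemver(min);
  let max;
  if (major > 0) max = `${major + 1}.0.0`;
  else if (minor > 0) max = `0.${minor + 1}.0`;
  else max = `0.0.${patch + 1}`;
  return { min, max };
}

function satisfies(range, version) {
  const { min, max } = caretBounds(range);
  return compareSemver(version, min) >= 0 && compareSemver(version, max) < 0;
}

// A range still admits the vulnerable line if its lower bound is below the
// version the advisory names as fixed; raising the lower bound is the fix.
function rangeAdmitsVulnerable(range, fixedIn) {
  return compareSemver(caretBounds(range).min, fixedIn) < 0;
}

// Lockfile v2/v3 keeps a flat "packages" map keyed by install path, so a
// nested copy appears as ".../node_modules/<name>" and must be scanned too.
function vulnerableCopies(lock, name, fixedIn) {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const isPkg = path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`);
    if (isPkg && entry.version && compareSemver(entry.version, fixedIn) < 0) {
      hits.push({ path, version: entry.version });
    }
  }
  return hits;
}

// Constructed sample lockfile (hypothetical, not taken from any project):
// the root already hoisted a fixed axios, but a stale nested copy remains.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { "@getbrevo/brevo": "3.0.1", axios: "^1.12.0" } },
    "node_modules/axios": { version: "1.12.0" },
    "node_modules/@getbrevo/brevo": { version: "3.0.1", dependencies: { axios: "^1.6.8" } },
    "node_modules/@getbrevo/brevo/node_modules/axios": { version: "1.11.0" },
  },
};

const FIXED_IN = "1.12.0";
console.log("^1.6.8 admits vulnerable:", rangeAdmitsVulnerable("^1.6.8", FIXED_IN));   // true
console.log("^1.12.0 admits vulnerable:", rangeAdmitsVulnerable("^1.12.0", FIXED_IN)); // false
console.log("1.11.0 in ^1.6.8:", satisfies("^1.6.8", "1.11.0"), "2.0.0 in ^1.6.8:", satisfies("^1.6.8", "2.0.0"));
console.log("copies below fix:", vulnerableCopies(SAMPLE_LOCK, "axios", FIXED_IN));
```

On a real checkout, feed `JSON.parse(fs.readFileSync("package-lock.json"))` to `vulnerableCopies`; an empty result is what a clean Trivy run corresponds to. The nested-copy case is also why a consumer who cannot wait for the upstream bump uses an `overrides` entry in their own package.json to force a single resolved axios.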
