[x3d-public] github alert, X3DJSONLD: A security advisory on axios affects at least one of your repositories

John Carlson yottzumm at gmail.com
Tue Aug 13 11:19:33 PDT 2024


Please be patient as I don’t know when I’ll get to fixing X3DJSONLD.  If
all else fails, remove package-lock.json and node_modules, comment out
“bash build.sh” in package.json with rem or whatever’s on your system, and
run

$ npm install

You may have to run

$ npm audit fix


I don’t have a ton of server-side code, and I don’t use axios myself that I
know of; I think it’s a dependency of a dependency.

PythonSAI contains no server code that I’m aware of, I use it to store
X3DJSAIL jars.

I have a primary issue with building X3DJSAIL (possibly I don’t have all
necessary files). I have been using Apache Subversion with VS Code (there’s
no problem with it, just my patience wears thin with a huge repository
checkout on a new system).  Stay away from TortoiseSVN!  TortoiseSVN is
currently referenced, but not downloaded in the build.sh script.  If
someone knows of a good Subversion for Git for Windows, please let me know.

So I’ll download the latest X3DJSAIL by hand.  The reason to comment
out “bash build.sh” is to avoid building X3DJSAIL.

John

On Tue, Aug 13, 2024 at 2:13 AM GitHub <notifications at github.com> wrote:

>
> 2 repositories in your GitHub account might be affected
> by a security vulnerability found in axios
>
>
>   Server-Side Request Forgery in axios
>   High severity
>
>
> axios
>
> CVE-2024-39338
>
> View all alerts
> <https://github.com/advisories/GHSA-8hc4-vh64-cxmj/dependabot?query=user:coderextreme>
>
>
> coderextreme/X3DJSONLD
>
>    - package-lock.json
>    <https://github.com/coderextreme/X3DJSONLD/security/dependabot/28>
>
> coderextreme/pythonSAI
>
>    - package-lock.json
>    <https://github.com/coderextreme/pythonSAI/security/dependabot/17>
>
>
>
>
> You are receiving this email because your repository has Dependabot
> enabled. If you want to ship secure code, make sure it is enabled on all
> your important repositories.
>
>
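An added example, not part of the original message or the X3DJSONLD project: since the message suspects axios is "a dependency of a dependency", this Node.js script walks the "packages" map of a package-lock.json to show which direct dependency pulls each installed copy in. The sample lockfile, its package names other than axios, its versions, and the function names resolveDep, label and whyInstalled are all constructed for illustration.

```javascript
// Added example: find which direct dependency pulls a package into node_modules,
// from the "packages" map of a package-lock.json (lockfileVersion 2 or 3).
// resolveDep mirrors Node's lookup: from/node_modules/dep, then each enclosing node_modules.
function resolveDep(packages, from, dep) {
  for (let base = from; ; ) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + dep;
    if (packages[candidate]) return candidate;
    if (!base) return null; // not installed anywhere on the lookup path
    const cut = base.lastIndexOf("node_modules/");
    base = cut <= 0 ? "" : base.slice(0, cut - 1);
  }
}
// Package name for a lockfile path; "" is the root project.
const label = (p) => (p === "" ? "(root)" : p.split("node_modules/").pop());

function whyInstalled(lock, name) {
  const packages = lock.packages || {};
  const parents = {}; // installed path -> paths of the packages that require it
  for (const [path, meta] of Object.entries(packages)) {
    const deps = { ...meta.dependencies, ...meta.optionalDependencies, ...meta.devDependencies };
    for (const dep of Object.keys(deps)) {
      const target = resolveDep(packages, path, dep);
      if (target) (parents[target] = parents[target] || []).push(path);
    }
  }
  const results = [];
  for (const path of Object.keys(packages)) {
    if (path === "" || label(path) !== name) continue;
    // Breadth-first search back to the root gives the shortest chain.
    const queue = [[path]], seen = new Set([path]);
    let chain = null; // stays null if nothing reachable from the root requires it
    while (queue.length && !chain) {
      const trail = queue.shift();
      if (trail[0] === "") chain = trail.map(label);
      for (const p of parents[trail[0]] || [])
        if (!seen.has(p)) { seen.add(p); queue.push([p, ...trail]); }
    }
    results.push({ path, version: packages[path].version, chain });
  }
  return results;
}
// Constructed lockfile: every name except axios, and every version, is made up.
const sampleLock = { lockfileVersion: 3, packages: {
  "": { dependencies: { "http-helper": "*", "legacy-sdk": "*" } },
  "node_modules/http-helper": { version: "0.0.1", dependencies: { axios: "*" } },
  "node_modules/axios": { version: "0.0.2" },
  "node_modules/legacy-sdk": { version: "0.0.3", dependencies: { axios: "*" } },
  "node_modules/legacy-sdk/node_modules/axios": { version: "0.0.4" },
} };
console.log(whyInstalled(sampleLock, "axios"));
```

To run it on a real project, pass the parsed contents of package-lock.json in place of sampleLock. The command "npm explain axios" reports the same chains from an installed tree.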