Hi, I’m using the kiteconnect Node.js package in a production project, and running a security audit (npm audit) flags high-severity vulnerabilities due to the version of axios bundled as a dependency. Specifically, the audit reports:
- Axios Cross-Site Request Forgery Vulnerability
- Axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL
These are present in the version of axios included with the latest kiteconnect (^5.0.1). Downgrading to an older version of kiteconnect is not a solution, as it reintroduces other vulnerabilities.
Could you please update the axios dependency in kiteconnect to a secure, patched version (>=0.30.0)?
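As an added example (not code from the kiteconnect project or the poster), the check a defender would run while waiting on the upstream fix: scan an npm lockfile (lockfileVersion 2 or 3, whose `packages` map is keyed by install path) for every resolved copy of axios below a minimum patched version, and build the `overrides` entry that forces transitive copies up. The sample lockfile is constructed, and the threshold is the one the post asks for; pass a different `minVersion` for other axios release lines.

```javascript
// Minimum patched version requested in the post (assumption: 0.x line).
const MIN_AXIOS = "0.30.0";

// Constructed sample lockfile: the app depends on kiteconnect, which pins
// an older axios under its own node_modules while a newer copy sits at top level.
const SAMPLE_LOCK = {
  name: "my-trading-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "my-trading-app", version: "1.0.0", dependencies: { kiteconnect: "^5.0.1" } },
    "node_modules/kiteconnect": { version: "5.0.1", dependencies: { axios: "^0.27.2" } },
    "node_modules/kiteconnect/node_modules/axios": { version: "0.27.2" },
    "node_modules/axios": { version: "0.30.0" },
  },
};

// Compare dotted numeric versions (major.minor.patch); pre-release tags are ignored.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Return every install path that resolves to axios with a version below minVersion.
// Nested paths (node_modules/<dep>/node_modules/axios) are the transitive copies
// that `npm audit` reports against the dependent package.
function findOutdatedAxios(lock, minVersion = MIN_AXIOS) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith("node_modules/axios") || !meta.version) continue;
    if (compareVersions(meta.version, minVersion) < 0) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// package.json "overrides" fragment (npm 8.3+) that forces every transitive axios
// to satisfy the minimum; re-run `npm install` and `npm audit` afterwards.
function overridesFor(minVersion = MIN_AXIOS) {
  return { overrides: { axios: `>=${minVersion}` } };
}

console.log(findOutdatedAxios(SAMPLE_LOCK));
console.log(JSON.stringify(overridesFor(), null, 2));
```

An override jumps the dependency past the range kiteconnect declares, so exercise the package's API after installing to confirm nothing regressed.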