[email protected] 依赖存在高危漏洞的 axios ≤0.30.1，建议升级

[i-NMB]

您好！

感谢贵团队维护又拍云 Node.js SDK！目前我们在使用node-sdk插件作为依赖时发现一个安全风险，特此反馈，希望能尽快修复。

主要问题

[email protected]（当前最新版）依赖的 axios 版本为"axios": "^0.26.1"，而该版本存在 3 个高危安全漏洞，已被 GitHub Security Advisory 公开披露 axios <=0.30.1 Severity: high Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL - https://github.com/advisories/GHSA-jr5f-v2jv-69x6 Axios is vulnerable to DoS attack through lack of data size check - https://github.com/advisories/GHSA-4hjh-wcwx-xvwj