Original Title: Bump axios to version v0.21.3 or Higher Due to ReDoS & SSRF Vulns
Update: I went through the codebase and found that Axios is not used in the starter build. My suggestion changes to removing axios instead of updating it to the current version.
Description
Axios is at version 0.19.0 in the nodejs-express-server generator and is affected by ReDoS and SSRF vulnerabilities.
https://snyk.io/vuln/npm:axios
ReDoS, affecting versions <0.21.3
https://snyk.io/vuln/SNYK-JS-AXIOS-1579269
SSRF vulnerability, affecting versions <0.21.1
https://snyk.io/vuln/SNYK-JS-AXIOS-1038255
openapi-generator version
nodejs-express-server
Suggest a fix/enhancement
Remove the axios package from the package.mustache file for nodejs-express-server.
https://github.com/OpenAPITools/openapi-generator/blob/3c866fb4a34e86d0ea2fef401a30206d7452bd2a/modules/openapi-generator/src/main/resources/nodejs-express-server/package.mustache
Related issues/PRs
This was updated in the typescript-axios generator.
#8432
Further Information
I checked the other JavaScript-based generators and only this generator and the typescript-axios generator have axios as a dependency. In the typescript-axios generator axios has been updated to the current version (0.21.4) and will not be affected by the vulnerabilities above.
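The two version ranges quoted in this issue (ReDoS below 0.21.3, SSRF below 0.21.1) are easy to check mechanically against a generated project's package.json. The following script is an added example, not code from openapi-generator or from the issue author: it parses the dependency specs of a package.json object, compares each pinned or caret/tilde version of axios against the fixed-in versions named above, and reports which advisory still applies. A spec is judged by its lower bound, because a range such as `^0.19.0` can never resolve to a patched 0.21.x release (caret on a 0.x version keeps the minor fixed), and a spec like `*` is reported as unresolved rather than guessed. The package.json objects at the bottom are constructed sample input that mirrors the before and after state described in the suggested fix (one with axios at ^0.19.0, one with axios removed).

```javascript
// Added example: audit a package.json object against the two axios
// advisories quoted in the issue. Not part of openapi-generator.
// Fixed-in versions are taken from the issue text; advisory ids are the
// Snyk ids linked above.
const ADVISORIES = [
  { name: 'axios', id: 'SNYK-JS-AXIOS-1579269', issue: 'ReDoS', fixedIn: '0.21.3' },
  { name: 'axios', id: 'SNYK-JS-AXIOS-1038255', issue: 'SSRF', fixedIn: '0.21.1' },
];

// Parse "1.2.3", optionally prefixed with ^, ~, = or v, into [major, minor, patch].
// Returns null for specs whose lower bound cannot be read offline ("*", "latest", tags).
function parseVersion(spec) {
  const m = /^[\^~=v]?(\d+)\.(\d+)\.(\d+)/.exec(String(spec).trim());
  if (!m) return null;
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Plain three-component comparison: -1, 0 or 1.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Returns one finding per advisory that still applies to the dependency spec.
// The lower bound of the spec is what is checked: nothing in package.json
// guarantees that the lockfile resolved to anything higher.
function auditDependencies(pkg) {
  const findings = [];
  const deps = { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
  for (const adv of ADVISORIES) {
    const spec = deps[adv.name];
    if (spec === undefined) continue; // dependency absent: advisory does not apply
    const lowerBound = parseVersion(spec);
    if (lowerBound === null) {
      findings.push({ ...adv, spec, status: 'unresolved' });
      continue;
    }
    if (compareVersions(lowerBound, parseVersion(adv.fixedIn)) < 0) {
      findings.push({ ...adv, spec, status: 'vulnerable' });
    }
  }
  return findings;
}

// Constructed sample input: a generated server with the dependency this issue
// reports, and the same manifest after the suggested removal of axios.
const SAMPLE_BEFORE = {
  name: 'sample-generated-server', // hypothetical name
  dependencies: { express: '^4.16.4', axios: '^0.19.0' },
};
const SAMPLE_AFTER = {
  name: 'sample-generated-server',
  dependencies: { express: '^4.16.4' },
};

function report(label, pkg) {
  const findings = auditDependencies(pkg);
  console.log(`${label}: ${findings.length} finding(s)`);
  for (const f of findings) {
    console.log(`  ${f.name}@${f.spec} ${f.status}: ${f.issue} (${f.id}, fixed in ${f.fixedIn})`);
  }
}

report('before', SAMPLE_BEFORE); // two findings: ReDoS and SSRF
report('after', SAMPLE_AFTER);   // no findings once axios is removed
```

Running the script prints two findings for the `^0.19.0` manifest and none for the manifest without axios, which is the outcome the suggested fix is after: removing an unused dependency makes both advisories moot, whereas bumping it only works if the new spec's lower bound is at or above 0.21.3.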