Skip to content
This repository has been archived by the owner on Apr 16, 2021. It is now read-only.

npm audit 1 high severity vulnerability because of axios #109

Open
Delivator opened this issue Feb 11, 2021 · 2 comments
Open

npm audit 1 high severity vulnerability because of axios #109

Delivator opened this issue Feb 11, 2021 · 2 comments

Comments

@Delivator
Copy link
Contributor

npm audit with the newest version of @nebulous/skynet spits out a vulnerability warning:


                       === npm audit security report ===


                                 Manual Review
             Some vulnerabilities require your attention to resolve

          Visit https://go.npm.me/audit-guide for additional guidance


  High            Server-Side Request Forgery

  Package         axios

  Patched in      >=0.21.1

  Dependency of   @nebulous/skynet

  Path            @nebulous/skynet > axios

  More info       https://npmjs.com/advisories/1594

found 1 high severity vulnerability in 10 scanned packages
  1 vulnerability requires manual review. See the full report for details.
@Delivator
Copy link
Contributor Author

Maybe add dependabot to the repo

@mrcnski
Copy link
Contributor

mrcnski commented Feb 11, 2021

Thanks @Delivator. We do have dependabot enabled so it should raise a PR within the next 24 hours.

@MSevey MSevey mentioned this issue Mar 22, 2021
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mrcnski @Delivator