gulp-reporter icon indicating copy to clipboard operation
gulp-reporter copied to clipboard

Published 20 hours ago verified publisher icon gucong3000

Upgrade Axios

Open karlwilbur opened this issue 4 years ago • 0 comments

Currently axios is required at ^0.18.0. https://github.com/gucong3000/gulp-reporter/blob/80560d85b834307bd4cf77fb34257eacefde7781/package.json#L9

However, there is a current high-severity advisory for axios:

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high          │ Server-Side Request Forgery                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ axios                                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.21.1                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ eclint                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ eclint > gulp-reporter > axios                               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1594                        │
└───────────────┴──────────────────────────────────────────────────────────────┘

Please update the axios dependency to >=0.21.1 (or more specifically, ^0.21.1).

karlwilbur avatar Feb 10 '21 16:02 karlwilbur