nodejs-skynet

npm audit 1 high severity vulnerability because of axios

Open Delivator opened this issue 4 years ago • 2 comments

npm audit with the newest version of @nebulous/skynet spits out a vulnerability warning:


                       === npm audit security report ===


                                 Manual Review
             Some vulnerabilities require your attention to resolve

          Visit https://go.npm.me/audit-guide for additional guidance


  High            Server-Side Request Forgery

  Package         axios

  Patched in      >=0.21.1

  Dependency of   @nebulous/skynet

  Path            @nebulous/skynet > axios

  More info       https://npmjs.com/advisories/1594

found 1 high severity vulnerability in 10 scanned packages
  1 vulnerability requires manual review. See the full report for details.

Feb 11 '21 15:02 Delivator

Maybe add dependabot to the repo

Feb 11 '21 16:02 Delivator

Thanks @Delivator. We do have dependabot enabled so it should raise a PR within the next 24 hours.

Feb 11 '21 20:02 mrcnski