
npm audit 1 high severity vulnerability because of axios

Open MSevey opened this issue 3 years ago • 2 comments

Issue by Delivator Thursday Feb 11, 2021 at 15:27 GMT Originally opened as https://github.com/NebulousLabs/nodejs-skynet/issues/109


npm audit with the newest version of @nebulous/skynet spits out a vulnerability warning:


                       === npm audit security report ===


                                 Manual Review
             Some vulnerabilities require your attention to resolve

          Visit https://go.npm.me/audit-guide for additional guidance


  High            Server-Side Request Forgery

  Package         axios

  Patched in      >=0.21.1

  Dependency of   @nebulous/skynet

  Path            @nebulous/skynet > axios

  More info       https://npmjs.com/advisories/1594

found 1 high severity vulnerability in 10 scanned packages
  1 vulnerability requires manual review. See the full report for details.

Mar 22 '21 20:03 MSevey

Comment by Delivator Thursday Feb 11, 2021 at 16:36 GMT


Maybe add dependabot to the repo

Mar 22 '21 20:03 MSevey

Comment by m-cat Thursday Feb 11, 2021 at 20:16 GMT


Thanks @Delivator. We do have dependabot enabled so it should raise a PR within the next 24 hours.

Mar 22 '21 20:03 MSevey