NebulousLabs / nodejs-skynet

Library for integrating Skynet into Node.js applications
MIT License

npm audit 1 high severity vulnerability because of axios #109

Open Delivator opened 3 years ago

Delivator commented 3 years ago

npm audit with the newest version of @nebulous/skynet spits out a vulnerability warning:


```
                       === npm audit security report ===

                                 Manual Review
             Some vulnerabilities require your attention to resolve

          Visit https://go.npm.me/audit-guide for additional guidance

  High            Server-Side Request Forgery

  Package         axios

  Patched in      >=0.21.1

  Dependency of   @nebulous/skynet

  Path            @nebulous/skynet > axios

  More info       https://npmjs.com/advisories/1594

found 1 high severity vulnerability in 10 scanned packages
  1 vulnerability requires manual review. See the full report for details.
```

Delivator commented 3 years ago

Maybe add dependabot to the repo

mrcnski commented 3 years ago

Thanks @Delivator. We do have dependabot enabled so it should raise a PR within the next 24 hours.
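
The audit report in this thread asks for a manual review, so the following added example (not part of the thread and not code from nodejs-skynet) shows one way to list every locked copy of axios below the patched version `0.21.1`, for both npm lockfile layouts. The function names and the sample lockfile, including its version numbers, are constructed for illustration.

```javascript
// Added example: list locked copies of a package below its patched version.
const PATCHED = [0, 21, 1]; // from the audit report: "Patched in >=0.21.1"

// Compare "x.y.z" against the floor; pre-release/build suffixes are ignored.
function isBelow(version, floor) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(version));
  if (!m) return true; // git/tarball spec: cannot compare, flag for review
  const v = m.slice(1).map(Number);
  for (let i = 0; i < 3; i++) {
    if (v[i] !== floor[i]) return v[i] < floor[i];
  }
  return false; // equal to the floor means patched
}

// lockfileVersion 1 nests copies under "dependencies"; walk the whole tree.
function walkV1(deps, trail, name, floor, out) {
  for (const [dep, info] of Object.entries(deps || {})) {
    const path = [...trail, dep];
    if (dep === name && isBelow(info.version, floor)) {
      out.push({ path: path.join(" > "), version: info.version });
    }
    walkV1(info.dependencies, path, name, floor, out);
  }
}

// lockfileVersion 2 and 3 keep a flat "packages" map keyed by install path.
function findVulnerable(lock, name, floor) {
  const out = [];
  if (!lock.packages) {
    walkV1(lock.dependencies, [], name, floor, out);
    return out;
  }
  for (const [key, info] of Object.entries(lock.packages)) {
    if (!key.endsWith("node_modules/" + name)) continue;
    if (!isBelow(info.version, floor)) continue;
    const path = key.split("node_modules/").filter(Boolean)
      .map((part) => part.replace(/\/$/, "")).join(" > ");
    out.push({ path, version: info.version });
  }
  return out;
}

// Constructed lockfile; the versions are illustrative, not the project's.
const sampleLock = { lockfileVersion: 1, dependencies: {
  "axios": { version: "0.21.1" },
  "@nebulous/skynet": { version: "0.0.0",
    dependencies: { "axios": { version: "0.20.0" } } } } };
console.log(findVulnerable(sampleLock, "axios", PATCHED));
```

A hoisted copy at or above the patched version does not clear a nested copy pinned lower, which is why the walk covers every install path rather than only the top level.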