Over in stencila, npm audit is giving us the following
=== npm audit security report ===
┌──────────────────────────────────────────────────────────────────────────────┐
│ Manual Review │
│ Some vulnerabilities require your attention to resolve │
│ │
│ Visit https://go.npm.me/audit-guide for additional guidance │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate │ Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ axios │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=0.18.1 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @stencila/encoda │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ @stencila/encoda > datapackage > axios │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/880 │
└───────────────┴──────────────────────────────────────────────────────────────┘
<snip>
This should resolve that by upgrading axios to 0.19.0.
Note that npm outdated and npm audit show many other packages could also be updated. However, they are mainly dev dependencies so I haven't addressed them since they do not affect us and I didn't want to risk breaking things.
Over in
stencila
,npm audit
is giving us the followingThis should resolve that by upgrading axios to 0.19.0.
Note that
npm outdated
andnpm audit
show many other packages could also be updated. However, they are mainly dev dependencies so I haven't addressed them since they do not affect us and I didn't want to risk breaking things.