Open karlwilbur opened 3 years ago
Currently axios is required at ^0.18.0. https://github.com/gucong3000/gulp-reporter/blob/80560d85b834307bd4cf77fb34257eacefde7781/package.json#L9
axios
^0.18.0
However, there is a current high-severity advisory for axios:
┌───────────────┬──────────────────────────────────────────────────────────────┐ │ high │ Server-Side Request Forgery │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ axios │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Patched in │ >=0.21.1 │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ eclint │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ eclint > gulp-reporter > axios │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://www.npmjs.com/advisories/1594 │ └───────────────┴──────────────────────────────────────────────────────────────┘
Please update the axios dependency to >=0.21.1 (or more specifically, ^0.21.1).
>=0.21.1
^0.21.1
Currently
axios
is required at^0.18.0
. https://github.com/gucong3000/gulp-reporter/blob/80560d85b834307bd4cf77fb34257eacefde7781/package.json#L9However, there is a current high-severity advisory for
axios
:Please update the
axios
dependency to>=0.21.1
(or more specifically,^0.21.1
).