woocommerce / woocommerce-rest-api

This is the WooCommerce core REST API Package. It runs standalone as a feature plugin too.

Vulnerability required manual review and could not be updated (npm) #263

Open nghiaht opened 3 years ago

nghiaht commented 3 years ago

Hello, the main release of woocommerce-rest-api happened months ago. Recently, while using it, npm suggested that I run the audit.

My package.json

"@woocommerce/woocommerce-rest-api": "^1.0.1",
...

When I run npm audit


                       === npm audit security report ===                        

                                 Manual Review                                  
             Some vulnerabilities require your attention to resolve             

          Visit https://go.npm.me/audit-guide for additional guidance           

  High            Server-Side Request Forgery                                   

  Package         axios                                                         

  Patched in      >=0.21.1                                                      

  Dependency of   @woocommerce/woocommerce-rest-api                             

  Path            @woocommerce/woocommerce-rest-api > axios                     

  More info       https://npmjs.com/advisories/1594                    

What can I do to solve it? Thanks!