Closed cgranade closed 3 years ago
When taking a dependency on yeoman-environment:^2.10.3, npm audit reports a high-security vulnerability from the dependency path yeoman-environment → npm-api → paged-request → axios. The root cause for this report is https://github.com/axios/axios/pull/3410, with a corresponding issue on paged-request at https://github.com/jonschlinkert/paged-request/pull/3.
yeoman-environment:^2.10.3
npm audit
yeoman-environment
npm-api
paged-request
axios
$ npm audit ... High Server-Side Request Forgery Package axios Patched in >=0.21.1 Dependency of yeoman-environment Path yeoman-environment > npm-api > paged-request > axios More info https://npmjs.com/advisories/1594 ...
paged-request and npm-api have been patched. The issues should now be gone since npm should resolve to the latest patched version.
When taking a dependency on
yeoman-environment:^2.10.3
,npm audit
reports a high-security vulnerability from the dependency pathyeoman-environment
→npm-api
→paged-request
→axios
. The root cause for this report is https://github.com/axios/axios/pull/3410, with a corresponding issue onpaged-request
at https://github.com/jonschlinkert/paged-request/pull/3.