You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Upstream Axios (HTTP client) has a high-severity vulnerability (see axios/axios#2183). @slack/web-api users should be encouraged to monitor this issue, and upgrade once resolved.
What type of issue is this? (place an x in one of the [ ])
bug
enhancement (feature request)
question
documentation related
testing related
discussion
Requirements (place an x in each of the [ ])
I've read and understood the Contributing guidelines and have done my best effort to follow them.
Description
Upstream Axios (HTTP client) has a high-severity vulnerability (see axios/axios#2183).
@slack/web-api
users should be encouraged to monitor this issue, and upgrade once resolved.What type of issue is this? (place an
x
in one of the[ ]
)Requirements (place an
x
in each of the[ ]
)Bug Report
Github sent me an email about this vuln; I ran
yarn why axios
in the affected project and discovered it is a transitive dependency via@slack/web-api
.Packages:
Select all that apply:
@slack/web-api
@slack/events-api
@slack/interactive-messages
@slack/rtm-api
@slack/webhooks
Reproducible in:
package version: 5.0.1
node version: 11.9.0
OS version(s): OSX 10.14.4
Steps to reproduce:
Expected result:
No deps with vulns!
Actual result:
Deps with vulns :(
Attachments:
The text was updated successfully, but these errors were encountered: