npm audit reports severe vulnerability for dependency of yeoman-environment:^2.10.3. #247

Closed
cgranade opened this issue Jan 6, 2021 · 2 comments

cgranade commented Jan 6, 2021

When taking a dependency on yeoman-environment:^2.10.3, npm audit reports a high-security vulnerability from the dependency path yeoman-environment > npm-api > paged-request > axios. The root cause for this report is axios/axios#3410, with a corresponding issue on paged-request at jonschlinkert/paged-request#3.

$ npm audit
...
  High            Server-Side Request Forgery
  Package         axios
  Patched in      >=0.21.1
  Dependency of   yeoman-environment
  Path            yeoman-environment > npm-api > paged-request > axios
  More info       https://npmjs.com/advisories/1594
...
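An added example, not part of the issue or of the yeoman-environment project: a check that walks a dependency tree shaped like the parsed output of `npm ls --json` and lists every path that reaches an axios version below the patched release named in the audit report. The sample tree, the project name `my-generator`, and all version numbers other than 0.21.1 are constructed for illustration.

```javascript
// Added example. PATCHED is the "Patched in >=0.21.1" value from the audit
// output above; everything in sampleTree is constructed sample data.
const PATCHED = "0.21.1";

// Compare two plain x.y.z versions; negative if a < b, zero if equal,
// positive if a > b. Non-numeric parts (prerelease tags) count as 0.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Walk the nested `dependencies` objects and collect every path that ends
// at `target` with an installed version below `patched`.
function findVulnerablePaths(tree, target, patched, trail = []) {
  const hits = [];
  for (const [name, node] of Object.entries(tree.dependencies || {})) {
    const path = [...trail, name];
    if (name === target && node.version &&
        compareVersions(node.version, patched) < 0) {
      hits.push({ path: path.join(" > "), version: node.version });
    }
    hits.push(...findVulnerablePaths(node, target, patched, path));
  }
  return hits;
}

// Constructed tree: one transitive axios below the fix, one direct axios at it.
const sampleTree = {
  name: "my-generator", version: "1.0.0",
  dependencies: {
    "yeoman-environment": { version: "2.10.3", dependencies: {
      "npm-api": { version: "1.0.0", dependencies: {
        "paged-request": { version: "2.0.1", dependencies: {
          axios: { version: "0.18.1" } } } } } } },
    axios: { version: "0.21.1" }
  }
};

for (const hit of findVulnerablePaths(sampleTree, "axios", PATCHED)) {
  console.log(`axios@${hit.version} via ${hit.path}`);
}
```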
mshima commented Jan 7, 2021

Duplicate of #246

mshima marked this as a duplicate of #246 Jan 7, 2021
mshima closed this as completed Jan 7, 2021
cgranade commented Jan 7, 2021

Apologies for the duplicate, I got a GitHub error posting #246 and did not realize the issue was created successfully.
