Description
npm audit fails:
=== npm audit security report ===

Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance

High            Server-Side Request Forgery
Package         axios
Patched in      >=0.21.1
Dependency of   @slack/webhook
Path            @slack/webhook > axios
More info       https://npmjs.com/advisories/1594

found 1 high severity vulnerability in 703 scanned packages
1 vulnerability requires manual review. See the full report for details.
What type of issue is this? (place an x in one of the [ ])
Requirements (place an x in each of the [ ])
Bug Report
Filling out the following details about bugs will help us solve your issue sooner.
Packages:
Select all that apply:
Reproducible in:
package version: 5.0.3
node version: v12.20.0
OS version(s): Alpine 3.11.7
Steps to reproduce:
npm install @slack/webhook
Expected result:
No vulnerabilities were reported.
Actual result:
The output of npm install @slack/webhook on a package without it pre-installed:
added 7 packages from 53 contributors and audited 7 packages in 3.53s
found 1 high severity vulnerability
run `npm audit fix` to fix them, or `npm audit` for details
Attachments:
Logs, screenshots, screencast, sample project, funny gif, etc.
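As an added example (not part of the original report or of the Slack SDK's code): a check that lists every copy of `axios` recorded in an npm 6 `package-lock.json` (lockfileVersion 1), flags copies below the `>=0.21.1` patched range from the audit output, and names the packages that require it. The lockfile contents, including the installed axios version and the `requires` ranges, and the helper names `findCopies` and `findDependents` are constructed for illustration.

```javascript
// Compare two x.y.z versions; returns <0, 0 or >0.
// Assumption: pre-release tags are ignored, which is enough for this check.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Visit every entry of a v1 lockfile, including nested node_modules copies.
function walk(deps, location, visit) {
  for (const [dep, info] of Object.entries(deps || {})) {
    const here = location.concat(dep);
    visit(dep, info, here);
    walk(info.dependencies, here, visit);
  }
}

// Every installed copy of `name`, with a flag for versions below `patched`.
function findCopies(lock, name, patched) {
  const hits = [];
  walk(lock.dependencies, [], (dep, info, here) => {
    if (dep !== name) return;
    hits.push({ installedAt: here.join(' > '), version: info.version,
                vulnerable: compareVersions(info.version, patched) < 0 });
  });
  return hits;
}

// Packages whose "requires" map pulls in `name` (the audit's "Dependency of").
function findDependents(lock, name) {
  const out = [];
  walk(lock.dependencies, [], (dep, info) => {
    if (info.requires && name in info.requires) out.push(dep);
  });
  return out;
}

// Constructed sample lockfile; versions and ranges are illustrative only.
const sampleLock = { lockfileVersion: 1, dependencies: {
  '@slack/webhook': { version: '5.0.3', requires: { axios: '^0.19.0' } },
  axios: { version: '0.19.2' },
  'other-pkg': { version: '1.0.0', requires: { axios: '^0.21.1' },
                 dependencies: { axios: { version: '0.21.1' } } } } };

console.log(findCopies(sampleLock, 'axios', '0.21.1'));
console.log(findDependents(sampleLock, 'axios'));
```

To run it against a real project, replace `sampleLock` with the parsed contents of that project's `package-lock.json`.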