Package dependency security issue

Question

Package dependency security issue

Vincent440 opened this issue 5 years ago · 1 comments

While running npm audit the report is showing the following:

Moderate        Denial of Service

  Package         axios

  Patched in      >=0.18.1

  Dependency of   react-open-weather

  Path            react-open-weather > axios

  More info       https://npmjs.com/advisories/880

This package requires "axios": "^0.16.1"
Updating Axios would fix this issue. however that could possibly introduce breaking changes.

mattvb91 commented 5 years ago

👍