high severity vulnerability #18

sxzctzppyw · 2021-01-28T10:56:34Z

Hi,
Please see screenshot.
It says: found 1 high severity vulnerability in 1612 scanned packages

kb3eua · 2021-02-14T02:06:07Z

Duplicate of RealFaviconGenerator/rfg-api#23

rohan-deshpande · 2021-03-24T22:28:04Z

You can get around this by using npx ie., in an npm script:

npx cli-real-favicon generate ./path/to/favicon/description.json ./path/to/favicon/data.json ./path/to/favicon

kb3eua · 2021-03-25T02:06:41Z

@rohan-deshpande That does not address the issue on any level. Just using npx does not magically make rfg-api use a newer version of axios... the vulnerability is still there.

rohan-deshpande · 2021-03-25T22:54:00Z

Since the security vulnerability is related to the usage of a proxy in axios requests axios/axios#3369 I would say that actually this is a non issue because rfg-api doesn't even use a proxy https://github.com/RealFaviconGenerator/rfg-api/blob/master/index.js#L40

If you read the related issue you'd see that this is basically confirmed axios/axios#3369 (comment)

This is why using npx is helpful, because you don't get a non-issue warning in your npm audit.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

high severity vulnerability #18

high severity vulnerability #18

sxzctzppyw commented Jan 28, 2021

kb3eua commented Feb 14, 2021

rohan-deshpande commented Mar 24, 2021

kb3eua commented Mar 25, 2021

rohan-deshpande commented Mar 25, 2021 •

edited

high severity vulnerability #18

high severity vulnerability #18

Comments

sxzctzppyw commented Jan 28, 2021

kb3eua commented Feb 14, 2021

rohan-deshpande commented Mar 24, 2021

kb3eua commented Mar 25, 2021

rohan-deshpande commented Mar 25, 2021 • edited

rohan-deshpande commented Mar 25, 2021 •

edited