npm audit report says: "1 vulnerability required manual review and could not be updated" / Node.js

Time: 2019-12-11 12:23:42

Tags: npm npm-audit

First, when I ran npm audit I received the following message:

updated 1 package and audited 381 packages in 1.767s
found 1 moderate severity vulnerability
  run `npm audit fix` to fix them, or `npm audit` for details
→ weatherApp npm audit

                      === npm audit security report ===

┌────────────────────────────────────────────────────────────────────────────┐
│                               Manual Review                                │
│           Some vulnerabilities require your attention to resolve           │
│                                                                            │
│         Visit https://go.npm.me/audit-guide for additional guidance        │
└────────────────────────────────────────────────────────────────────────────┘

┌───────────────┬────────────────────────────────────────────────────────────┐
│ Moderate      │ Denial of Service                                          │
├───────────────┼────────────────────────────────────────────────────────────┤
│ Package       │ axios                                                      │
├───────────────┼────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.18.1                                                   │
├───────────────┼────────────────────────────────────────────────────────────┤
│ Dependency of │ nominatim-geocoder                                         │
├───────────────┼────────────────────────────────────────────────────────────┤
│ Path          │ nominatim-geocoder > axios                                 │
├───────────────┼────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/880                           │
└───────────────┴────────────────────────────────────────────────────────────┘

found 1 moderate severity vulnerability in 381 scanned packages
  1 vulnerability requires manual review. See the full report for details.
→ weatherApp █

Typing npm audit fix does not work either:

fixed 0 of 1 vulnerability in 381 scanned packages
1 vulnerability required manual review and could not be updated

At https://npmjs.com/advisories/880 they recommend upgrading the axios version to >=0.18.1. However, in my package.json the version is ^0.19.0

package.json

...
"dependencies": {
  "axios": "^0.19.0",
  "body-parser": "^1.19.0",
  "ejs": "^3.0.1",
  "epxress": "0.0.1-security",
  "express": "^4.17.1",
  "nodemon": "^2.0.1",
  "nominatim-geocoder": "^0.1.4",
  "request": "^2.88.0"
}
...

So I tried manually upgrading the axios version in package-lock.json, since it still showed 0.16.1

package-lock.json

"nominatim-geocoder": {
  "version": "0.1.4",
  "resolved": "https://registry.npmjs.org/nominatim-geocoder/-/nominatim-geocoder-0.1.4.tgz",
  "integrity": "sha1-7o8I+CZq0tL5zYfdQhzCdmtRF78=",
  "requires": {
    "axios": "^0.16.1",
    "lru": "^3.1.0",
    "promise-queue": "^2.2.3",
    "sha1": "^1.1.1"
  },
  "dependencies": {
    "axios": {
      "version": "0.16.2",
      "resolved": "https://registry.npmjs.org/axios/-/axios-0.16.2.tgz",
      "integrity": "sha1-uk+S8XFn37q0CYN4VFS5rBScPG0=",
      "requires": {
        "follow-redirects": "^1.2.3",
        "is-buffer": "^1.1.5"
      }

...to version 0.19.0. But that did not help... Any suggestions?

0 answers:

No answers