diff --git a/package.json b/package.json
index 6d3334f98..807cc10fb 100644
--- a/package.json
+++ b/package.json
@@ -62,7 +62,7 @@
     "passport": "~0.4.0",
     "passport-jwt": "~4.0.0",
     "sanitize-html": "~1.20.0",
-    "slug": "~0.9.3",
+    "slug": "~1.0.0",
     "trunc-html": "~1.1.2",
     "wait-on": "~3.2.0"
   },
diff --git a/src/graphql-schema.spec.js b/src/graphql-schema.spec.js
index 2211a514a..3d259ab42 100644
--- a/src/graphql-schema.spec.js
+++ b/src/graphql-schema.spec.js
@@ -1,7 +1,7 @@
 import Factory from './seed/factories'
+import { GraphQLClient, request } from 'graphql-request'
 import jwt from 'jsonwebtoken'
 import { host, login } from './jest/helpers'
-import { GraphQLClient, request } from 'graphql-request'
 
 const factory = Factory()
 
@@ -119,3 +119,66 @@ describe('CreatePost', () => {
     })
   })
 })
+
+describe('report', () => {
+  beforeEach(async () => {
+    await factory.create('user', {
+      email: 'test@example.org',
+      password: '1234'
+    })
+    await factory.create('user', {
+      id: 'u2',
+      name: 'abusive-user',
+      role: 'user',
+      email: 'abusive-user@example.org'
+    })
+  })
+
+  afterEach(async () => {
+    await factory.cleanDatabase()
+  })
+
+  describe('unauthenticated', () => {
+    let client
+    it('throws authorization error', async () => {
+      client = new GraphQLClient(host)
+      await expect(
+        client.request(`mutation {
+        report(
+          description: "I don't like this user",
+          resource: {
+            id: "u2",
+            type: user
+          }
+        ) { id, createdAt }
+      }`)
+      ).rejects.toThrow('Not Authorised')
+    })
+
+    describe('authenticated', () => {
+      let headers
+      let response
+      beforeEach(async () => {
+        headers = await login({ email: 'test@example.org', password: '1234' })
+        client = new GraphQLClient(host, { headers })
+        response = await client.request(`mutation {
+          report(
+            description: "I don't like this user",
+            resource: {
+              id: "u2",
+              type: user
+            }
+            ) { id, createdAt }
+          }`,
+        { headers }
+        )
+      })
+      it('creates a report', () => {
+        let { id, createdAt } = response.report
+        expect(response).toEqual({
+          report: { id, createdAt }
+        })
+      })
+    })
+  })
+})
diff --git a/yarn.lock b/yarn.lock
index f77e60551..6a24f45f3 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -6232,10 +6232,10 @@ slice-ansi@2.0.0:
     astral-regex "^1.0.0"
     is-fullwidth-code-point "^2.0.0"
 
-slug@~0.9.3:
-  version "0.9.3"
-  resolved "https://registry.yarnpkg.com/slug/-/slug-0.9.3.tgz#8c9c773d79367c0188733316cf49fd2b8db40f6a"
-  integrity sha512-DddSQQnUdAofjFOKRT+zsMNrdzdte04G5DUA+NeaUJlPAqR1bWQ22qVfayRxHFiRGR3bUV0wt5VSj4849pGKSw==
+slug@~1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/slug/-/slug-1.0.0.tgz#503be07b150226a42abf7a9c52d345e6b163fea8"
+  integrity sha512-m3uDtlWbJmYiwxVU1+jIvYEgfYmvtjWE/KtM6IfNzuRyHv+9RMukxMVph1ra+/499fVOKgTcK/8s2gLrYoP+BA==
   dependencies:
     unicode ">= 0.3.1"