'Got' dependency has security issue (dependabot)

Question

MyMediaMagnet opened this issue 3 months ago · comments

Library Affected:
workbox-cli@7.1.0 (npm)

Browser & Platform:
All

Issue or Feature Request Description:
Dependabot is reporting the following alert for a dependency of workbox-cli:

'got' (npm) allows a redirect to a UNIX socket

This is the dependency tree for this package:

workbox-cli@7.1.0
update-notifier@4.1.3
latest-version@5.1.0
package-json@6.5.0
got@9.6.0

The earliest fixed version is got@11.8.5

Tuukka Tihekari · Answer 1 · Mon Jul 01 2024 20:44:17 GMT+0800 (China Standard Time)

Any patch for this?