Newer versions after v0.7.7 causing npm moderate severity vulnerabilities #341

Joolyan · 2023-06-03T08:59:37Z

Installing the latest version (0.10.0) on macOS 11.7.7 generates the following issue...

got <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - GHSA-pfrx-2q88-qq97
fix available via npm audit fix --force
Will install posthtml-cli@0.7.7, which is a breaking change
node_modules/got
package-json <=6.5.0
Depends on vulnerable versions of got
node_modules/package-json
latest-version 0.2.0 - 5.1.0
Depends on vulnerable versions of package-json
node_modules/latest-version
update-notifier 0.2.0 - 5.1.0
Depends on vulnerable versions of latest-version
node_modules/update-notifier
posthtml-cli >=0.8.0
Depends on vulnerable versions of update-notifier
node_modules/posthtml-cli

Installing the latest version of got didn't resolve the vulnerabilities, but all okay using posthtml-cli@0.7.7

Any ideas as to what I've done wrong?

The text was updated successfully, but these errors were encountered:

Scrum · 2023-09-04T07:47:30Z

@Joolyan what versions of nodejs and npm are you using?

Joolyan · 2023-09-06T09:36:13Z

node v18.16.0
npm v9.5.1

Scrum · 2023-09-07T06:38:37Z

Does not affect many dependencies. Needs to be corrected after the update. If you have the time and opportunity, I will gladly accept from you PR.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Newer versions after v0.7.7 causing npm moderate severity vulnerabilities #341

Newer versions after v0.7.7 causing npm moderate severity vulnerabilities #341

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Newer versions after v0.7.7 causing npm moderate severity vulnerabilities #341

Newer versions after v0.7.7 causing npm moderate severity vulnerabilities #341

Comments

Uh oh!

Uh oh!

Uh oh!