electron/get

Upgrade `got` dependency to 12.5.0 or higher to fix security vulnerability

nabchar opened this issue · 1 comment

Snyk lists http-cache-semantics as having a Regular Expression Denial of Service (ReDoS) security vulnerability for any versions prior to 4.1.1. Read here for more info.

In this package, the dependency on "got": "^11.8.5" internally has a dependency on "cacheable-request": "^7.0.2", which in turn has a dependency on "http-cache-semantics": "^4.0.0" -- which is tied to a minor version that has the security vulnerability mentioned above.

Duplicate of #242

"http-cache-semantics": "^4.0.0" is not tied to the vulnerable version. 4.1.1 is compliant with ^4.0.0.
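An added example, not code from the electron/get project or from this issue, showing the point of the reply: a caret range such as `^4.0.0` already admits the patched 4.1.1, so what matters is the version actually resolved in the lockfile, not the declared range. The helper names (`satisfiesCaret`, `assessTransitiveDep`) and the version strings are constructed for illustration.

```javascript
// Constructed example: minimal caret-range and version comparison for
// plain x.y.z versions (no prerelease tags), used to decide whether a
// transitive dependency pinned by a lockfile is below the patched release.

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v.trim());
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Returns -1, 0 or 1 comparing two x.y.z versions numerically.
function compareVersions(a, b) {
  const x = parseVersion(a);
  const y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  }
  return 0;
}

// "^X.Y.Z" with X > 0 allows any version >= X.Y.Z with the same major.
function satisfiesCaret(range, version) {
  if (!range.startsWith('^')) throw new Error('only caret ranges handled');
  const base = range.slice(1);
  const [major] = parseVersion(base);
  if (major === 0) throw new Error('0.x caret semantics not handled here');
  return compareVersions(version, base) >= 0 && parseVersion(version)[0] === major;
}

// Given the declared range, the version resolved in the lockfile and the
// first patched release, report whether the resolved version is vulnerable
// and whether refreshing the lockfile within the existing range suffices.
function assessTransitiveDep(range, resolved, patched) {
  const vulnerable = compareVersions(resolved, patched) < 0;
  const patchedInRange = satisfiesCaret(range, patched);
  let action = 'none';
  if (vulnerable) action = patchedInRange ? 'refresh lockfile' : 'bump declared range';
  return { vulnerable, patchedInRange, action };
}

// Example from this issue: declared ^4.0.0, lockfile resolved 4.1.0, fix in 4.1.1.
console.log(assessTransitiveDep('^4.0.0', '4.1.0', '4.1.1'));
```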