Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

建议升级依赖update-notifier的版本 #15

Open
TsMask opened this issue Jun 10, 2023 · 0 comments
Open

建议升级依赖update-notifier的版本 #15

TsMask opened this issue Jun 10, 2023 · 0 comments

Comments

@TsMask
Copy link

TsMask commented Jun 10, 2023

建议升级依赖update-notifier的版本

更新到 "update-notifier": "^6.0.0"

# npm audit report

got  <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
No fix available
node_modules/got
  package-json  <=6.5.0
  Depends on vulnerable versions of got
  node_modules/package-json
    latest-version  0.2.0 - 5.1.0
    Depends on vulnerable versions of package-json
    node_modules/latest-version
      update-notifier  0.2.0 - 5.1.0
      Depends on vulnerable versions of latest-version
      node_modules/update-notifier
        mwts  *
        Depends on vulnerable versions of update-notifier
        node_modules/mwts

5 moderate severity vulnerabilities

Some issues need review, and may require choosing
a different dependency.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@TsMask