Security leak on package got #675

Open
brunolnetto opened this issue Feb 18, 2023 · 0 comments

Description

The package np reports a security leak. See section below for more details.

Steps to reproduce

  1. Create a node project (mkdir ~/node_test && cd ~/node_test && npm init -y);
  2. Install package np with the command npm i --save-dev np;
  3. Run command npm audit

Output:

got  <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/got
node_modules/package-json/node_modules/got
  npm-name  <=6.0.1
  Depends on vulnerable versions of got
  node_modules/npm-name
    np  >=2.2.0
    Depends on vulnerable versions of npm-name
    Depends on vulnerable versions of update-notifier
    node_modules/np
  package-json  <=6.5.0
  Depends on vulnerable versions of got
  node_modules/package-json
    latest-version  0.2.0 - 5.1.0
    Depends on vulnerable versions of package-json
    node_modules/latest-version
      update-notifier  0.2.0 - 5.1.0
      Depends on vulnerable versions of latest-version
      node_modules/update-notifier

Expected behavior

Nothing but a security leak.

Environment

np - 7.6.3
Node.js - 19.6.0
npm - 9.5.0
Git - 2.25.1
OS - Linux Ubuntu 20.04

@brunolnetto brunolnetto changed the title Secutiry leak on package got Security leak on package got Feb 18, 2023