Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Uses vulnerable version of "got" #100

Closed
neil-hardlight opened this issue Jul 1, 2022 · 3 comments
Closed

Uses vulnerable version of "got" #100

neil-hardlight opened this issue Jul 1, 2022 · 3 comments

Comments

@neil-hardlight
Copy link

Running "npm audit" results in:

# npm audit report

got  <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
No fix available
node_modules/@vitalets/google-translate-api/node_modules/got
  @vitalets/google-translate-api  *
  Depends on vulnerable versions of got
  node_modules/@vitalets/google-translate-api

2 moderate severity vulnerabilities

Some issues need review, and may require choosing
a different dependency.
@AidanWelch
Copy link

As far as I can tell this fork is only able to be slightly maintained, so I have created a fork that will continually be updated, and solves this issue by dropping got entirely.

@neil-hardlight
Copy link
Author

Thanks Aidan - I've switched over to your fork.

@vitalets vitalets mentioned this issue Oct 18, 2022
Open
@vitalets
Copy link
Owner

In new beta release v9 got was replaced with the latest node-fetch.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@vitalets @AidanWelch @neil-hardlight