-
Notifications
You must be signed in to change notification settings - Fork 106
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Dependabot alerts: Got allows a redirect to a UNIX socket #224
Comments
Could anyone help me to fix this issue: |
In my opinion this is not a high priority for That being said, it will eventually get fixed. However, due to the major version bump of |
It would be nice to get this fixed by applying the already existing PR. I use Electron in a lot of my projects and it is a bit annoying to get audit warnings from NPM and from Github's dependabot all the time because of this got issue. In my opinion it is not a good practice to rely on old dependencies which seems to be no longer supported upstream. If you have strong reasons to stay at version 9 then maybe ask the author of got to publish a new patched version 9 to get this issue out of the way? |
This is an incredibly annoying problem. The warning alone is an annoyance, but it becomes more annoying when your project's release was needlessly delayed because senior developers from the other team thought npm's warnings in the CI/CD logs implied your codebase was vulnerable. I don't know if the above PR fixed this issue but even on the latest versions of |
Looks like this problem is already fixed since @electron/get v2 which is used in electron v22. Problem is, electron 22 is not yet released (but installable with And I guess this ticket can be closed. |
This warning appears in my projects:
Dependabot alerts: Got allows a redirect to a UNIX socket
The latest possible version that can be installed is 9.6.0 because of the following conflicting dependencies:
Is there anything that can be done?
The text was updated successfully, but these errors were encountered: