node-http-proxy icon indicating copy to clipboard operation
node-http-proxy copied to clipboard

Published 20 hours ago verified publisher icon http-party

Update dependency "follow-redirects" to mitigate CVE-2022-0155

Open kapi-caz opened this issue 3 years ago • 2 comments
trafficstars

Hi!

A vulnerability in the package "follow-redirects" CVE-2022-0155 was found. It is fixed with the version 1.14.7. Is it possible to update to the latest version?

Thanks!

kapi-caz avatar Jan 13 '22 08:01 kapi-caz

https://github.com/http-party/node-http-proxy/pull/1564

Trott avatar Jan 14 '22 00:01 Trott

Is it possible to update to the latest version?

You can update to the latest version of follow-redirects by re-installing http-proxy. (It would still be nice to merge #1564 and create a new release so that people who use npm outdated and other tools will get the fix, etc.)

Trott avatar Jan 17 '22 15:01 Trott