vue-cli-plugin-electron-builder
vue-cli-plugin-electron-builder copied to clipboard
Vulnerability in transitive dependency
The got
package before 11.8.5 and 12.1.0 for Node.js allows a redirect to a UNIX socket. Dependency chain: vue-cli-plugin-electron-builder => electron-builder => update-notifier => latest-version => package-json => got
.
Reproducible on the latest (2.1.1
) version, did not investigate other versions.
Oh, it looks like this repo is not maintained which the audit did not fix for so long, and so does the V3 version. I meet this issue too, bro.