dependency on @serverless/utils pinned to an older version detected in yarn audit

Open chitopunk opened this issue 2 years ago • 1 comments

The following interdependency causes an issue with yarn audit detecting GOT as vulnerable:

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ moderate      │ Got allows a redirect to a UNIX socket                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ got                                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=11.8.5                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @serverless/dashboard-plugin [dev]                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @serverless/dashboard-plugin > @serverless/utils > got       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1080920                     │
└───────────────┴──────────────────────────────────────────────────────────────┘

This was already fixed in "@serverless/utils": "^6.7.0"

https://github.com/advisories/GHSA-pfrx-2q88-qq97

chitopunk, Aug 16 '22 15:08

+1

elchesco, Aug 17 '22 14:08