tika-text-extract

Update got to latest please

Open tomcon opened this issue 2 years ago • 2 comments

npm audit report

got <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
No fix available
node_modules/@shelf/tika-text-extract/node_modules/got
  @shelf/tika-text-extract *
  Depends on vulnerable versions of got
  node_modules/@shelf/tika-text-extract

tomcon, Jul 14 '22 13:07

PRs are welcome

But I don't think this issue is relevant to this package

This package doesn't allow a user-provided URL

It always calls localhost:9998 and it cannot be changed outside of the package by a library user

vladholubiev, Jul 19 '22 21:07

@vladholubiev this is true, in our particular case, we need to be SOC2 compliant, and got 11.8.6 is flagged as a vulnerability, regardless of how inconsequential it is.

I'm trying to get the next minimum acceptable version to work (v12.1.0), but I'm having issues with this.

GTCrais, Jun 11 '24 15:06