npm audit有高危，也许升级一下urllib？

alipay / alipay-sdk-nodejs-all

支付宝开放平台 Alipay SDK for Node.js

https://docs.open.alipay.com/54/103419/

Other

406 stars 62 forks source link

npm audit有高危，也许升级一下urllib？ #119

Closed jusfeel closed 1 month ago

jusfeel commented 5 months ago

# npm audit report

ip  <=1.1.8
Severity: high
NPM IP package vulnerable to Server-Side Request Forgery (SSRF) attacks - https://github.com/advisories/GHSA-78xj-cgh5-2h22
fix available via `npm audit fix`
node_modules/urllib/node_modules/ip
  urllib  2.27.0 - 3.0.0-alpha.1
  Depends on vulnerable versions of ip
  node_modules/urllib

2 high severity vulnerabilities

node 20.11.0 npm 10.2.4