Closed jdstrand closed 2 years ago
Hi @jdstrand ,
Thank you for the report, we are starting the investigation. In the past, we have had an issue with the newest version of got ( #33 ).
Regards, Endre
Hello @jdstrand,
We released the version 8.0.0
from where we removed the dependency to got
, so upgrading to it must solve the linked security issue.
Thanks!
Hello @jdstrand,
We released the version
8.0.0
from where we removed the dependency togot
, so upgrading to it must solve the linked security issue.
Thanks for working on this! :)
Hi!
The
got
dependency is out of date. https://github.com/configcat/node-sdk/blob/master/package-lock.json#L13 is specifying9.6.0
but https://github.com/advisories/GHSA-pfrx-2q88-qq97 lists the fix is in11.8.5
or12.1.0
.Thanks!