http-party / node-http-proxy

A full-featured http proxy for node.js
https://github.com/http-party/node-http-proxy

node-http-proxy #1663

Open kasasusmitha12 opened 7 months ago

kasasusmitha12 commented 7 months ago

We need to upgrade this version "1.15.6". We have found a vulnerability in the "follow-redirects" package. Please consider upgrading and releasing new release notes for the package. Here I am providing the CVE and Vendor Advisories:

CVE
- https://nvd.nist.gov/vuln/detail/CVE-2024-28849

Vendor Advisories
- https://github.com/follow-redirects/follow-redirects/releases/tag/v1.15.6
- https://github.com/follow-redirects/follow-redirects/commit/c4f847f85176991f95ab9c88af63b1294de8649b
- https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp

chimurai commented 7 months ago

Updating your dependency lock-file should resolve this issue.

follow-redirects is configured with ^, so you should be able to get the minor versions.

https://github.com/http-party/node-http-proxy/blob/9b96cd725127a024dabebec6c7ea8c807272223d/package.json#L14-L18
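The point made in the comment above, as an added example that is not part of the thread or of node-http-proxy: a dependency declared with a caret range admits the patched 1.15.6 named in the issue, so the question is only whether the lock-file still pins an older version. The package.json and package-lock.json fragments are constructed for illustration (the real range is in the linked file, not reproduced here).

```javascript
// Added example, not the project's code. Checks whether a lock-file pins
// follow-redirects below the patched 1.15.6 while the declared caret range
// still admits it, i.e. whether a lock-file refresh alone picks up the fix.
const PATCHED = '1.15.6'; // fixed version named in the issue

// Constructed sample inputs; the real range lives in node-http-proxy's package.json.
const PACKAGE_JSON = { dependencies: { 'follow-redirects': '^1.0.0' } };
const PACKAGE_LOCK = { packages: { 'node_modules/follow-redirects': { version: '1.15.4' } } };

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v.trim());
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function compareVersions(a, b) {
  const [x, y] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  return 0;
}

// npm caret semantics for a major >= 1 range: >= base and < next major.
// 0.x caret ranges pin the minor (or patch) and are rejected here.
function caretAllows(range, version) {
  if (!range.startsWith('^')) throw new Error(`only ^ ranges handled: ${range}`);
  const base = range.slice(1);
  const [major] = parseVersion(base);
  if (major === 0) throw new Error('0.x caret ranges not handled');
  const [vMajor] = parseVersion(version);
  return compareVersions(version, base) >= 0 && vMajor === major;
}

// Decide whether the locked version is still vulnerable and what the remedy is.
function lockfileStatus(pkgJson, lock, name = 'follow-redirects', patched = PATCHED) {
  const range = pkgJson.dependencies[name];
  const locked = lock.packages[`node_modules/${name}`].version;
  const vulnerable = compareVersions(locked, patched) < 0;
  const fixReachable = caretAllows(range, patched);
  const action = !vulnerable ? 'nothing to do' : fixReachable ? 'refresh lock-file' : 'bump range';
  return { range, locked, vulnerable, fixReachable, action };
}

console.log(lockfileStatus(PACKAGE_JSON, PACKAGE_LOCK));
```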

ravin00 commented 4 weeks ago

Like the above comment, updating the lock file should solve the issue.