chimurai
commented
6 months ago Updating your dependency lock-file should resolve this issue.
follow-redirects is configured with ^ so you should be able to get the minor versions
Open kasasusmitha12 opened 6 months ago
chimurai
commented
6 months ago Updating your dependency lock-file should resolve this issue.
follow-redirects is configured with ^ so you should be able to get the minor versions
We need to upgrade this version "1.15.6" . We have found a vulnerability in the "follow-redirects" package. Please consider upgrading and releasing new release notes for the package. Here I am providing CVE and Vendor Advisories CVE - https://nvd.nist.gov/vuln/detail/CVE-2024-28849 Vendor Advisories -https://github.com/follow-redirects/follow-redirects/releases/tag/v1.15.6 -https://github.com/follow-redirects/follow-redirects/commit/c4f847f85176991f95ab9c88af63b1294de8649b -https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp