[deps] Bump `follow-redirects` version due to CVE-2022-0155 CVE-2022-0536

jasongin / nvs

Node Version Switcher - A cross-platform tool for switching between versions and forks of Node.js

Other

2.72k stars 210 forks source link

[deps] Bump `follow-redirects` version due to CVE-2022-0155 CVE-2022-0536 #285

Closed alexander-smolyakov closed 1 year ago

alexander-smolyakov commented 1 year ago

Description:

The nvs contains a local instance of the follow-redirects v1.10.0 in the deps folder. This version is affected by the following vulnerabilities:

CVE-2022-0155
CVE-2022-0536

Link to related follow-redirects release: https://github.com/follow-redirects/follow-redirects/releases/tag/v1.15.2

Changelog:

The follow-redirects package updated to v1.15.2 (v1.10.0 -> v1.15.2)