Having dependabot alerts: Got allows a redirect to a UNIX socket

[KieraDOG]

Describe the bug

Hi team, we are having this dependabot alert of dependency from jest-preview.

The latest possible version that can be installed is 9.6.0 because of the following conflicting dependency:

jest-preview@0.3.1 requires got@^9.6.0 via a transitive dependency on package-json@6.5.0

The earliest fixed version is 11.8.5.

Screenshots

Reproduce

Please provide a minimal reproduction for the issue. Thanks.

You can use one of the following options to reproduce the issue:

• Create a new GitHub repository (recommended): https://github.com/new
• Create a StackBlitz project: https://stackblitz.com
• Create a sandbox on CodeSandbox: https://codesandbox.io/s

Expected behavior

Upgrade update-notifier to latest version should be able to solve this problem

Environment (please complete the following information)

• OS: [e.g. macOS 12.2.1, Windows 11, Ubuntu 22.04]
• Browser: [e.g. chrome, safari]
• Jest version: [e.g. 27.5.1]

Additional context

[nvh95]

Unluckily, update-notifier@6 does not play well with jest-preview's bundling logic. I will workaround by downgrading update-notifier 6 => 5. I hope I can find a better solution in the future

[snout-o]

Any progress on a fix for this?