Closed Shinigami92 closed 3 years ago
@pagekit This can easily be fixed by just updating got to at least "^9.6.0", run yarn
and then create a new release
I think a PR from me would be overkill for just a dependency update.
I'm wondering why there is no dependabot PR for this :thinking:
@janschoenherr @steffans why isn't this fixed? Please just create a little new release that fixes this vulnerability. Our pipelines are setup that they fail if a high vulnerability was found in the dependencies and so we need to manually deploy it each time, knowing that there is a CVE...
THX
Upgrade
got
when https://github.com/sindresorhus/got/issues/1749 is fixed, merged and releasedhttps://github.com/pagekit/vue-resource/blob/080356dc1992d879fb9f3a86222a7473975efbe6/package.json#L37