pagekit / vue-resource

The HTTP client for Vue.js
MIT License

Upgrade got #756

Closed Shinigami92 closed 3 years ago

Shinigami92 commented 3 years ago

Upgrade got when https://github.com/sindresorhus/got/issues/1749 is fixed, merged and released

https://github.com/pagekit/vue-resource/blob/080356dc1992d879fb9f3a86222a7473975efbe6/package.json#L37

Shinigami92 commented 3 years ago

@pagekit This can easily be fixed by just updating got to at least "^9.6.0", running yarn and then creating a new release.
I think a PR from me would be overkill for just a dependency update. I'm wondering why there is no dependabot PR for this :thinking:

Shinigami92 commented 3 years ago

@janschoenherr @steffans why isn't this fixed? Please just create a little new release that fixes this vulnerability. Our pipelines are set up so that they fail if a high vulnerability was found in the dependencies and so we need to manually deploy it each time, knowing that there is a CVE...

Shinigami92 commented 3 years ago

THX