The got package before 12.1.0 for Node.js allows a redirect to a UNIX socket.
Release Notes
sindresorhus/got
### [`v12.1.0`](https://togithub.com/sindresorhus/got/releases/tag/v12.1.0)
[Compare Source](https://togithub.com/sindresorhus/got/compare/v12.0.4...v12.1.0)
##### Improvements
- Add `response.ok` ([#2043](https://togithub.com/sindresorhus/got/issues/2043)) [`22d58fb`](https://togithub.com/sindresorhus/got/commit/22d58fb)
- This is only useful if you have [`{throwHttpErrors: false}`](https://togithub.com/sindresorhus/got/blob/main/documentation/2-options.md#throwhttperrors)
##### Fixes
- Do not redirect to UNIX sockets ([#2047](https://togithub.com/sindresorhus/got/issues/2047)) [`861ccd9`](https://togithub.com/sindresorhus/got/commit/861ccd9)
- [CVE-2022-33987](https://nvd.nist.gov/vuln/detail/CVE-2022-33987)
- [Also back ported to v11](https://togithub.com/sindresorhus/got/releases/tag/v11.8.5)
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, click this checkbox.
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
12.0.4
->12.1.0
GitHub Vulnerability Alerts
CVE-2022-33987
The got package before 12.1.0 for Node.js allows a redirect to a UNIX socket.
Release Notes
sindresorhus/got
### [`v12.1.0`](https://togithub.com/sindresorhus/got/releases/tag/v12.1.0) [Compare Source](https://togithub.com/sindresorhus/got/compare/v12.0.4...v12.1.0) ##### Improvements - Add `response.ok` ([#2043](https://togithub.com/sindresorhus/got/issues/2043)) [`22d58fb`](https://togithub.com/sindresorhus/got/commit/22d58fb) - This is only useful if you have [`{throwHttpErrors: false}`](https://togithub.com/sindresorhus/got/blob/main/documentation/2-options.md#throwhttperrors) ##### Fixes - Do not redirect to UNIX sockets ([#2047](https://togithub.com/sindresorhus/got/issues/2047)) [`861ccd9`](https://togithub.com/sindresorhus/got/commit/861ccd9) - [CVE-2022-33987](https://nvd.nist.gov/vuln/detail/CVE-2022-33987) - [Also back ported to v11](https://togithub.com/sindresorhus/got/releases/tag/v11.8.5)Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.