valeriangalliat / fetch-cookie

Decorator for a `fetch` function to support automatic cookie storage and population. 🍪
The Unlicense

Update tough-cookie dependency to >=4.1.3 #78

Closed Chico741 closed 11 months ago

Chico741 commented 1 year ago

npm audit recommends updating tough-cookie due to a vulnerability:

```
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ moderate      │ tough-cookie Prototype Pollution vulnerability               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ tough-cookie                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=4.1.3                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ xxx > fetch-cookie > tough-cookie                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1092448                     │
└───────────────┴──────────────────────────────────────────────────────────────┘
```

Please update tough-cookie to >=4.1.3 to avoid the vulnerability.

wsow4 commented 1 year ago

Any updates? I tried to make a PR, but I don't have permission.

ivanmjartan commented 11 months ago

Any updates pls?

valeriangalliat commented 11 months ago

fetch-cookie is compatible with tough-cookie `^4.0.0`, so it's compatible with 4.1.3.

There's no need for an update in fetch-cookie in order for you to update the transient dependency to 4.1.3.

The only thing preventing you from using 4.1.3 is your lock file, which you need to update with `npm update` or `yarn up`.

Cheers
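
The point made in the comment above, that the lock file rather than fetch-cookie's `^4.0.0` range is what holds tough-cookie below 4.1.3, can be checked against the lock file itself. This is an added example, not part of the original thread or the fetch-cookie project; the function names and the sample lock data are constructed, and it assumes a `package-lock.json` with lockfileVersion 2 or 3.

```javascript
// Added example: list tough-cookie entries in a package-lock.json that are
// still pinned below the patched version named in the advisory (4.1.3).
const PATCHED = [4, 1, 3];

// Parse "x.y.z" into numbers; any prerelease/build suffix is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  return m ? m.slice(1).map(Number) : null;
}

// True when version a sorts strictly before version b.
function isBelow(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// lock: parsed package-lock.json whose "packages" map is keyed by install path,
// e.g. "node_modules/tough-cookie" or "node_modules/a/node_modules/tough-cookie".
function findPinnedBelowPatch(lock, name = 'tough-cookie') {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const isTarget = path === `node_modules/${name}` ||
      path.endsWith(`/node_modules/${name}`);
    if (!isTarget) continue;
    const v = parseVersion(entry.version || '');
    if (v && isBelow(v, PATCHED)) hits.push({ path, version: entry.version });
  }
  return hits;
}

// Constructed sample: the declared range allows 4.1.3, but the lock pins 4.1.2.
const staleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'xxx' },
    'node_modules/fetch-cookie': {
      version: '0.0.0-sample', // constructed placeholder version
      dependencies: { 'tough-cookie': '^4.0.0' },
    },
    'node_modules/tough-cookie': { version: '4.1.2' },
  },
};

console.log(findPinnedBelowPatch(staleLock));
```

An empty result after regenerating the lock file means no installed copy of tough-cookie remains below the patched version.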