Skip to content

Commit

Permalink
build: npm audit --fix
Browse files Browse the repository at this point in the history 
The only remaining vulnerability is request/tough-cookies, but this application
is unaffected by it due to the fact that request does not use the
vulnerable tough-cookie rejectPublicSuffixes=false mode.
See:
  - https://github.com/request/request/blob/8162961dfdb73dc35a5a4bfeefb858c2ed2ccbb7/lib/cookies.js#L21
  - https://nvd.nist.gov/vuln/detail/CVE-2023-26136

'request' will be replaced by a maintained alternative (node-fetch) in
the next major release.
  • Loading branch information
@prlanzarin
prlanzarin committed Nov 9, 2023
1 parent 6313d2f commit de4368e
Showing 1 changed file with 19 additions and 21 deletions.
40 changes: 19 additions & 21 deletions package-lock.json
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

0 comments on commit de4368e

Please sign in to comment.