-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
npm 8.19.3: security issue in the http-cache-semantics #6151
Comments
That should be fixed with v9.4.2 |
It may be fixed for |
@mihob 8.x is EOL and won't likely ever be fixed. only npm 6 and npm 9 are still getting updates afaik. |
This is just waiting on a merge. |
Is there a specific reason to not update to npm 9? |
regardless of how this gets backported to npm 8, npm 8 itself is not vulnerable. This is only causing an |
It looks like v8.19.4 has http-cache-semantics update. |
There is a security issue in the http-cache-semantics package used by the make-fetch-happen package.
The current version of make-fetch-happen uses a version of http-cache-semantics in which the problem is fixed.
Would it be possible to update the dependencies accordingly?
The text was updated successfully, but these errors were encountered: