ashmeetkb opened a new issue, #351: URL: https://github.com/apache/cordova/issues/351
Feature Request:

Cordova in its latest version 11.0.0 transitively depends on got@9.6.0. Please upgrade the transitive dependency 'got@9.6.0' to a version greater than 12.1.0 in the newer releases of cordova.

Motivation Behind Feature:

Mend (formerly WhiteSource) reports got-9.6.0.tgz as a vulnerability having CVSS 3 score: 5.3, since the got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket.

Feature Description:

Newer versions of cordova to have a transitive dependency on 'got' version greater than 12.1.0 instead of the current 9.6.0 version.
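Added example, not part of the issue or of Cordova's code: a Node.js check that lists every copy of `got` in a parsed `package-lock.json` older than the fixed releases the issue names (11.8.5 and 12.1.0). The function names and the sample lockfile are constructed for illustration.

```javascript
// Fixed releases named in the issue: 11.8.5 (11.x line) and 12.1.0.
const FIXED_11 = [11, 8, 5];
const FIXED_12 = [12, 1, 0];

// Keep major.minor.patch as numbers; drop any prerelease/build suffix.
const parseVersion = (v) => v.split(/[-+]/)[0].split('.').map(Number);

function lessThan(a, b) {
  for (let i = 0; i < 3; i++) {
    if ((a[i] || 0) !== (b[i] || 0)) return (a[i] || 0) < (b[i] || 0);
  }
  return false;
}

// 12.x and later are compared with 12.1.0, everything older with 11.8.5.
function isAffectedGot(version) {
  const v = parseVersion(version);
  return v[0] >= 12 ? lessThan(v, FIXED_12) : lessThan(v, FIXED_11);
}

// Returns [{ path, version }] for each affected copy of got in the lockfile.
function findAffectedGot(lock) {
  const hits = [];
  const check = (path, version) => {
    if (version && isAffectedGot(version)) hits.push({ path, version });
  };
  if (lock.packages) { // lockfileVersion 2/3: flat map keyed by install path
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (/(^|\/)node_modules\/got$/.test(path)) check(path, meta.version);
    }
  } else { // lockfileVersion 1: nested "dependencies" tree
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const path = `${trail}node_modules/${name}`;
        if (name === 'got') check(path, meta.version);
        walk(meta.dependencies, `${path}/`);
      }
    };
    walk(lock.dependencies, '');
  }
  return hits;
}

// Constructed sample lockfile (hypothetical layout, not taken from Cordova).
const sampleLock = { lockfileVersion: 2, packages: {
  '': { name: 'demo-app', version: '1.0.0' },
  'node_modules/got': { version: '9.6.0' },
  'node_modules/some-tool/node_modules/got': { version: '12.1.0' },
} };
console.log(findAffectedGot(sampleLock));
```

To check a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` instead of the sample object.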
