# npm audit report
```
got <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
fix available via `npm audit fix --force`
Will install nodemon@1.3.3, which is a breaking change
node_modules/got
package-json <=6.5.0
Depends on vulnerable versions of got
node_modules/package-json
latest-version 0.2.0 - 5.1.0
Depends on vulnerable versions of package-json
node_modules/latest-version
update-notifier 0.2.0 - 5.1.0
Depends on vulnerable versions of latest-version
node_modules/update-notifier
nodemon >=1.3.5
Depends on vulnerable versions of update-notifier
node_modules/nodemon
```
Irtaza Hussain
- What is your question? – robertklep Jul 01 '22 at 12:07
- Please clarify your specific problem or provide additional details to highlight exactly what you need. As it's currently written, it's hard to tell exactly what you're asking. – Community Jul 01 '22 at 14:37
- @robertklep I'm getting the vulnerability warning while auditing my react app. I already tried `npm audit fix --force` but it gives me more vulnerabilities due to the older version of react-scripts. My question is how to fix this warning? – Irtaza Hussain Jul 02 '22 at 13:15
2 Answers
Editing package.json should do the trick:
- For NPM users

```json
{
  "overrides": { "got": "^12.1.0" }
}
```

- For YARN users

```json
{
  "resolutions": { "got": "^12.1.0" }
}
```

djikstra
- Your answer could be improved with additional supporting information. Please [edit] to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Jul 25 '22 at 10:58
From the advisory - https://github.com/advisories/GHSA-pfrx-2q88-qq97, this might give you a more complete response.

```json
{
  "overrides": {
    "got@<11.8.5": "11.8.5",
    "got@>=12.0.0 <12.1.0": "^12.1.0"
  }
}
```

jHards
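
A check that an override took effect, as an added example that is not part of either answer: it scans a parsed `package-lock.json` (the lockfileVersion 2/3 `packages` layout) for copies of got still inside the version ranges named in the second answer. The lockfile contents are constructed sample data and the function names are illustrative.

```javascript
// Added example: find installs of got that remain in the ranges
// <11.8.5 or >=12.0.0 <12.1.0 after editing package.json.

// Parse "major.minor.patch"; any pre-release/build suffix is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// Negative if a < b, zero if equal, positive if a > b.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Ranges taken from the overrides keys in the second answer.
function isVulnerableGot(version) {
  if (compareVersions(version, '11.8.5') < 0) return true;
  return compareVersions(version, '12.0.0') >= 0 &&
         compareVersions(version, '12.1.0') < 0;
}

// Return [{ path, version }] for every top-level or nested copy of got.
// Matching on the full "node_modules/got" suffix skips names like "forgot".
function findVulnerableGot(lock) {
  return Object.entries(lock.packages || {})
    .filter(([path]) => path.endsWith('node_modules/got'))
    .filter(([, meta]) => meta.version && isVulnerableGot(meta.version))
    .map(([path, meta]) => ({ path, version: meta.version }));
}

// Constructed sample lockfile (not from the question's project).
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo-app' },
    'node_modules/got': { version: '12.1.0' },
    'node_modules/package-json/node_modules/got': { version: '9.6.0' },
    'node_modules/forgot': { version: '1.0.0' },
  },
};

console.log(findVulnerableGot(sampleLock));
```

An empty result for the real lockfile means no nested dependency still pins a got version in either range.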