-
Notifications
You must be signed in to change notification settings - Fork 496
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Found 3 vulnerabilities #537
Comments
Agree that it's an issue, but would only be concerning if the lib was targeting untrusted sources which would use this redirect vuln. We could switch to got eventually, but I'd prefer to keep some client support too so rely on global fetch or a polyfill? tbd |
I agree that it's not a dangerous issue for how it is being used. Just wanted to pin it up, so in the future might be addressed 😊 Btw, great job with this library 🚀 |
When do you plan to fix these vulnerabilities? |
@evaleiraspollux Care to make a PR if you're concerned? |
By installing the package I get the vulnerabilities found warning message from NPM. These seems not to be fixable by a simple
npm audit fix
, which returns:I don't like the Idea of the
--force
flag, while the issue could be addressed by updating the packages on the main repo.The text was updated successfully, but these errors were encountered: