web3.js
web3-bzz `swarm-js` dependency introduces vulnerability to `got <11.8.5`
https://github.com/ChainSafe/web3.js/blob/8620cba19f2a9250d395e0717669b274a89521a5/packages/web3-bzz/package.json#L20
```
# npm audit report
got <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/swarm-js/node_modules/got
swarm-js 0.1.1 - 0.1.17 || >=0.1.35
Depends on vulnerable versions of got
node_modules/swarm-js
web3-bzz *
Depends on vulnerable versions of swarm-js
node_modules/web3-bzz
web3 1.0.0-beta.1 - 3.0.0-rc.0
Depends on vulnerable versions of web3-bzz
node_modules/web3
4 moderate severity vulnerabilities
```