Update `package-json` to >=8.0.0 for vulnerability in `got` >= 12.0.0, < 12.1.0, < 11.8.5

### Environment
- `nodemon -v`: 2.0.15
- `node -v`: v14.18.1
- Operating system/terminal environment: macOS 12.5

### Issue
```
nodemon@2.0.15 requires got@^9.6.0 via a transitive dependency on package-json@6.5.0
```
- **Vulnerabilty:** The got package before 12.1.0 for Node.js allows a redirect to a UNIX socket.
- **Affected Versions:** >= 12.0.0, < 12.1.0, < 11.8.5
- **Patched versions:** 12.1.0, 11.8.5
- **References**
  - https://github.com/advisories/GHSA-pfrx-2q88-qq97/
  - https://nvd.nist.gov/vuln/detail/CVE-2022-33987
  - https://github.com/sindresorhus/got/pull/2047
  - https://github.com/sindresorhus/got/compare/v12.0.3...v12.1.0
  - https://github.com/sindresorhus/got/commit/861ccd9ac2237df762a9e2beed7edd88c60782dc
  - https://github.com/sindresorhus/got/releases/tag/v11.8.5
  - https://github.com/sindresorhus/got/releases/tag/v12.1.0

### Possible fix
- Upgrade dependency version of `package-json` to >=8.0.0 as it points to fixed dependency for `got` >12.1.0

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Update `package-json` to >=8.0.0 for vulnerability in `got` >= 12.0.0, < 12.1.0, < 11.8.5 #2028

Environment

Issue

Possible fix

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Uh oh!

Update package-json to >=8.0.0 for vulnerability in got >= 12.0.0, < 12.1.0, < 11.8.5 #2028

Description

Environment

Issue

Possible fix

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Update `package-json` to >=8.0.0 for vulnerability in `got` >= 12.0.0, < 12.1.0, < 11.8.5 #2028