[Snyk] Upgrade got from 11.1.3 to 11.8.2

[snyk-bot]

Snyk has created this PR to upgrade got from 11.1.3 to 11.8.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 14 versions ahead of your current version.
• The recommended version was released 2 months ago, on 2021-02-26.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MERGEDEEP-1070277	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-LODASH-608086	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-590103	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Command Injection SNYK-JS-LODASH-1040724	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-INI-1048974	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-I18NEXT-1065979	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-608662	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-598894	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-575475	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-570624	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Buffer Overflow SNYK-JS-ELECTRON-569122	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-569120	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Improper Validation SNYK-JS-ELECTRON-569117	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-569114	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Type Confusion SNYK-JS-ELECTRON-569113	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-569099	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-569042	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Out-of-bounds Write SNYK-JS-ELECTRON-568790	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1041745	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Mature
	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1021884	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Remote Memory Exposure SNYK-JS-BL-608877	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Remote Memory Exposure SNYK-JS-BL-608877	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-AJV-584908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1047770	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-PATHVAL-596926	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Denial of Service SNYK-JS-NODEFETCH-674311	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-LODASH-567746	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-I18NEXT-585930	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Buffer Overflow SNYK-JS-I18NEXT-575536	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-FLAT-596927	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Improper Restriction of Rendered UI Layers or Frames SNYK-JS-ELECTRON-1016273	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Mature
	Improper Access Control SNYK-JS-ELECTRON-1016271	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: got

• 11.8.2 - 2021-02-26
  
  • Make the dnsCache option lazy (#1529) 3bd245f
    This slightly improves Got startup performance and fixes an issue with Jest.

  v11.8.1...v11.8.2

• 11.8.1 - 2020-12-10
  
  • Do not throw on custom stack traces (#1491) 4c815c3
• 11.8.0 - 2020-10-20
  
  • Fix for sending files with size 0 on stat (#1488) 7acd380
  • beforeRetry allows stream body if different from original (#1501) 3dd2273
  • Set default value for an options object (#1495) 390b145

  v11.7.0...v11.8.0

• 11.7.0 - 2020-09-18
  

  Improvements

  • Add pfx HTTPS option (#1364) c33df7f
  • Update body after beforeRequest (#1453) e1c1844
  • Don't allocate buffer twice (#1403) 7bc69d9

  Fixes

  • Fix a regression where body was sent after redirect 88b32ea
  • Fix destructure error on promise.json() c97ce7c
  • Do not ignore userinfo on a redirect to the same origin 52de13b

  v11.6.2...v11.7.0

• 11.6.2 - 2020-09-10
  

  Bug fixes

  • Inherit the prefixUrl option from parent if it's undefined (#1448) a3da70a
  • Prepare a fix for hanging promise on Node.js 14.10.x 29d4e32
  • Prepare for Node.js 15.0.0 c126ff1

  Docs

  • Point travis-ci.org badge to travis-ci.com (#1442) 2b352d3
  • Clarify the retry mechanism f248618
  • Fix RequestError links 3ed4af6

  Tests

  • Downgrade Travis CI Node.js version to 14.9.0 (#1454) 27470b5
• 11.6.1 - 2020-09-08
  

  Fixes

  • Fix options.port on redirect (#1439) 408e22a

  Meta

  • Welcome @ Giotino as a maintainer 🎉 5031843
  • Showcase companies using Got (#1432) d12d6af

  v11.6.0...v11.6.1

• 11.6.0 - 2020-09-02
  

  Improvements

  • Add retry stream event (#1384) 7072198
  • Add types for http-cache-semantics options 2e2295f
  • Make CancelError inherit RequestError 1f132e8
  • Add retryAfter to RetryObject 643a305
  • Add documentation comments to exported TypeScript types (#1278) eaf1e02
  • Move cache options into a cacheOptions property 9c16d90

  Bug fixes

  • Got promise shouldn't retry when the body is a stream 6e1aeae

  Docs

  • Add an example of nock integration with retrying f7bbc37
  • Fix CancelError docs 28c400f
  • Fix retry delay function in the README (#1425) 38bbb04
• 11.5.2 - 2020-08-07
  

  Docs

  • Add hpagent to proxy section (#1363) a3e171c
  • Mention header lowercasing inrequest migration guide (#1387) a748343
  • Fixed deprecationWarning on https options (#1391) 9a309bd

  Bug fixes

  • Fix duplicated hooks when paginating e02845f
  • Fix dnsCache: true having no effect 043c950
• 11.5.1 - 2020-07-16
  

  Enhancements

  • Upgrade http2-wrapper to 1.0.0-beta.5.0 16e7f03
  • Compatibility fix to ignore incorrect Node.js 12 typings f7a1379 61d6f61

  Bug fixes

  • Prevent uncaught errors on HTTP errors 2d96679 1ef053d

  Docs

  • Mention HTTP/2 proxying in readme.md 4ebd26a
  • Update the comparison table bd2d532 c833939
  • Document the hierarchy of error classes (#1359) 559526e
  • Fix example code for HTTPS proxy (#1360) 4083347
• 11.5.0 - 2020-07-07
  Read more
• 11.4.0 - 2020-07-04
• 11.3.0 - 2020-06-05
• 11.2.0 - 2020-06-01
• 11.1.4 - 2020-05-16
• 11.1.3 - 2020-05-10

from got GitHub release notes

Commit messages

Package name: got

• f896aa5 11.8.2
• 3bd245f Instantiate CacheableLookup only when needed (eror npm via ipfs ipfs/ipfs-desktop#1529)
• a72ed84 11.8.1
• 4c815c3 Do not throw on custom stack traces (chore(deps): bump ipfs-http-client from 44.0.1 to 44.0.2 ipfs/ipfs-desktop#1491)
• e0cb820 11.8.0
• f65c9ef Upgrade dependencies
• 7acd380 Fix for sending files with size `0` on `stat` (Improve UX when updating ipfs/ipfs-desktop#1488)
• 6aa86f2 Fix indentation in the readme
• 3dd2273 `beforeRetry` allows stream body if different from original (chore: update dependencies ipfs/ipfs-desktop#1501)
• b1afa2b Fix readme example comment (chore(deps): bump ipfsd-ctl from 4.1.0 to 4.1.1 ipfs/ipfs-desktop#1505)
• 390b145 Set default value for an options object (chore(deps-dev): bump got from 11.0.2 to 11.1.2 ipfs/ipfs-desktop#1495)
• 87dadd5 Fixed documentation example for `responseType` (chore(deps): bump ipfs-http-client from 44.0.1 to 44.0.3 ipfs/ipfs-desktop#1494)
• 3bf3e3b Add `lookup` option documentation (chore(deps-dev): bump electron from 8.2.4 to 8.2.5 ipfs/ipfs-desktop#1483)
• c31366b Add a test for fix: repo fsck is deprecated ipfs/ipfs-desktop#1438 (chore(deps): bump sudo-prompt from 9.1.1 to 9.2.1 ipfs/ipfs-desktop#1469)
• 5d62958 11.7.0
• 88b32ea Fix a regression where body was sent after redirect
• 25ae938 Skip a test
• 3c0d9a6 Fix syntax highlighting in readme.md (chore(deps): bump ipfsd-ctl from 4.0.1 to 4.1.0 ipfs/ipfs-desktop#1470)
• ba2317a Follow-up commit
• c97ce7c Fix destructure error on `promsie.json()`
• 1b208df Fix a stream test
• e1c1844 Update `body` after `beforeRequest` (chore(deps): bump i18next from 19.4.3 to 19.4.4 ipfs/ipfs-desktop#1453)
• 52de13b Do not ignore userinfo on a redirect to the same origin
• 38ba09c General improvements to the tests and CI Environment (chore(deps-dev): bump electron from 8.2.3 to 8.2.4 ipfs/ipfs-desktop#1461)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs