# npm audit report

got  <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
fix available via `npm audit fix`
node_modules/got
  package-json  <=6.5.0
  Depends on vulnerable versions of got
  node_modules/package-json
    pkg-versions  <=2.1.0
    Depends on vulnerable versions of package-json
    node_modules/pkg-versions
      ut-tools  >=5.16.0
      Depends on vulnerable versions of package-json
      Depends on vulnerable versions of pkg
      Depends on vulnerable versions of pkg-versions
      Depends on vulnerable versions of request
      Depends on vulnerable versions of request-promise-native
      Depends on vulnerable versions of semver
      node_modules/ut-tools

request  *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
fix available via `npm audit fix`
node_modules/request
  pkg-fetch  <=2.7.0
  Depends on vulnerable versions of request
  node_modules/pkg-fetch
    pkg  3.0.0-beta.0 - 4.5.1
    Depends on vulnerable versions of pkg-fetch
    node_modules/pkg
  request-promise-core  *
  Depends on vulnerable versions of request
  node_modules/request-promise-core
    request-promise-native  >=1.0.0
    Depends on vulnerable versions of request
    Depends on vulnerable versions of request-promise-core
    Depends on vulnerable versions of tough-cookie
    node_modules/request-promise-native

semver  7.0.0 - 7.5.1
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix`
node_modules/ut-tools/node_modules/semver

tough-cookie  <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
fix available via `npm audit fix`
node_modules/tough-cookie

11 moderate severity vulnerabilities

To address all issues, run:
  npm audit fix