Fund: Security vulnerability on package `got`. Consider dependency tree shaking

Vulnerability on package npm-name

Description

On run npm audit, among other, the following snippet appears. Your library, in specific, has a vulnerability which may be resolved by some dependency tree shaking. Please, consider it.

node_modules/package-json/node_modules/got
  npm-name  <=6.0.1
  Depends on vulnerable versions of got
  node_modules/npm-name
    np  >=2.2.0
    Depends on vulnerable versions of npm-name
    Depends on vulnerable versions of update-notifier
    node_modules/np
  package-json  <=6.5.0
  Depends on vulnerable versions of got

Steps to reproduce

OS: Linux/MacOS

Clone repository eulejs: https://github.com/trouchet/eulejs
Navigate to respective folder on previous item;
Run npm audit
Check the respective log

Expected behavior

Zero security vulnerabilities.

Environment

np - 7.6.3
Node.js - 19.6.0
npm - 9.5.0
Git - 2.25.1
OS - Ubuntu 20.04

Sindre Sorhus/np

Security vulnerability on package got. Consider dependency tree shaking

Description

Steps to reproduce

Expected behavior

Environment

How does funding with Polar work?

Backer

Contributor

Maintainer

Sindre Sorhus/np

Security vulnerability on package got. Consider dependency tree shaking

Description

Steps to reproduce

Expected behavior

Environment

How does funding with Polar work?

Backer

Why does "Fund on completion" require GitHub login?

When is the invoice due for "Fund on completion"?

What happens if the issue is never completed?

Do I get any extra benefits by funding?

Do I get progress updates?

Contributor

Do I get a reward?

Is rewards guaranteed?

Maintainer

How can I get funding like this for my open source initiatives?