Update request to 2.74.0 #7

evilaliv3 · 2016-07-29T10:44:37Z

This update is to address a security vulnerability allowing potential remote memory exposure on request<=2.68

Details:

This update is to address a security vulnerability allowing potential remote memory exposure on request<=2.68 Details: - https://snyk.io/vuln/npm:request:20160119 - request/request#2018

The commit bump the direct dependency request to version 2.74.0 In order for the fix to be complete the node-request-reply will have to be updated as well as soon that IndigoUnited/node-request-replay#7 will be merged and a new package will be released.

satazor · 2016-07-29T12:09:42Z

Request is used only has a dev dep, but thanks!

evilaliv3 · 2016-07-29T12:32:33Z

you are welcome @satazor

when the main developers are vulnerable the community is vulnerable ;)

Update request to 2.74.0

bbd55e8

This update is to address a security vulnerability allowing potential remote memory exposure on request<=2.68 Details: - https://snyk.io/vuln/npm:request:20160119 - request/request#2018

evilaliv3 mentioned this pull request Jul 29, 2016

Request dependency <=2.68 opens to potential memory exposure vulnerability bower/bower#2336

Closed

evilaliv3 mentioned this pull request Jul 29, 2016

Partially address ticket #2336 bower/bower#2337

Closed

satazor merged commit 99981cf into IndigoUnited:master Jul 29, 2016

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update request to 2.74.0 #7

Update request to 2.74.0 #7

evilaliv3 commented Jul 29, 2016

satazor commented Jul 29, 2016

evilaliv3 commented Jul 29, 2016

Update request to 2.74.0 #7

Update request to 2.74.0 #7

Conversation

evilaliv3 commented Jul 29, 2016

satazor commented Jul 29, 2016

evilaliv3 commented Jul 29, 2016