New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
https://nodesecurity.io/advisories/130 #136
Comments
is this a wontfix for a security issue? |
Or do you hereby request further explanation? |
Would be nice to get a PR or more explanation or if this is even an issue for this module; just saying "security issue" doesn't instantly make it a fire that needs putting out. Ideally some sort of proof of issue would be shown against this module otherwise this is just drive-by security on your part where you found some notice on a website about a module in our dependency tree and didn't bother giving any additional details or checking if it is actually a concern. |
Alright, sorry for that. As this error showed up during installation, I was assuming that linked site is well known common ground in the node world and that my observations would be imminent to posting just the link. What I can tell:
Version bump to 2.3.0 is recommended. In the case that localtunnel is compatible with 2.3.0, as to my (humild) judgment, bumping the version would be a no brainer and does not require further argumentative support.
|
Thank you for following up. We don't directly depend on that module so it On Saturday, August 6, 2016, David Arnold notifications@github.com wrote:
|
npm isn't that bad 😄 - I wasn't used to that usability levels... It's the
Want to learn node now 😄 |
Any update on this? In your |
https://nodesecurity.io/advisories/130
The text was updated successfully, but these errors were encountered: