Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump request@2.87.0 #2435

Merged
merged 2 commits into from Jul 5, 2018
Merged

Bump request@2.87.0 #2435

merged 2 commits into from Jul 5, 2018

Conversation

xzyfer
Copy link
Contributor

@xzyfer xzyfer commented Jul 4, 2018

request@2.87.0 removed the dependency on hoek (request/request#2943)
which restores support for Node < 4. This means we bump to the latest
request to resolve the npm audit warnings.

Additionally I had to bump coveralls@^3 to resolve a dependency
mismatch with request.

I've added back the CI checks for old Node for the v4 branch.

Fixes #2355

@xzyfer
Bump request@2.87.0
6c147e8 
As of 2.87.0 the hoek packages has been removed which restores
Node < 4 support
@xzyfer
Restore old node to CI
e4de2dd
@xzyfer xzyfer requested a review from nschonni July 4, 2018 14:26
@xzyfer xzyfer mentioned this pull request Jul 4, 2018
Closed
@nschonni
Copy link
Contributor

nschonni commented Jul 4, 2018

Can probably nuke https://github.com/sass/node-sass/blob/master/.github/ISSUE_TEMPLATE/Custom.md too, but it could be done after

@xzyfer xzyfer merged commit cc6ff42 into master Jul 5, 2018
@xzyfer xzyfer deleted the bump-request branch July 5, 2018 10:00
@Asone Asone mentioned this pull request Jul 21, 2018
Closed
@gene1wood
Copy link

Resolved in node-sass@4.9.3. Upgrade to quiet npm

gene1wood added a commit to gene1wood/auth0-custom-lock that referenced this pull request Jan 18, 2019
@gene1wood
Update dev dependency on node-sass to 4.9.3 to mitigate cryptiles vul…
c404245 
…nerability

Dev dependencies contain `gulp-sass`
which depends on `node-sass`
`node-sass` [`4.9.3` requires `request` `2.87.0`](sass/node-sass#2435)
[`request` `2.87.0` removes dependency on `hawk`](request/request#2943)
`hawk` depends on `cryptiles`
`cryptiles` has the vulnerability https://nvd.nist.gov/vuln/detail/CVE-2018-1000620
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nschonni nschonni nschonni approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Security issue in dependencies
3 participants
@xzyfer @nschonni @gene1wood