Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump request to 2.74.* to address vulnerability #554

Closed
astorije opened this issue Aug 10, 2016 · 0 comments
Closed

Bump request to 2.74.* to address vulnerability #554

astorije opened this issue Aug 10, 2016 · 0 comments
Labels
Type: Security Security concern or PRs that must be reviewed with extra care regarding security.
Milestone
2.0.0

Comments

@astorije
Copy link
Member

See https://nodesecurity.io/advisories/130 and request/request#2295.

$ npm install thelounge@next
npm WARN deprecated tough-cookie@2.2.2: ReDoS vulnerability parsing Set-Cookie https://nodesecurity.io/advisories/130

This requires testing to ensure that bumping request does not break anything else.

Diff since the version we use (2.72.0) at request/request@v2.72.0...master.
@astorije astorije added the Type: Security Security concern or PRs that must be reviewed with extra care regarding security. label Aug 10, 2016
@astorije astorije added this to the 2.0.0 milestone Aug 10, 2016
@astorije astorije mentioned this issue Aug 15, 2016
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Type: Security Security concern or PRs that must be reviewed with extra care regarding security.
Projects
None yet
Milestone
2.0.0
Development

No branches or pull requests
1 participant
@astorije