Fix for 2 vulnerable dependency paths #1

Open
wants to merge 1 commit into
base: master
from

Commits on Sep 28, 2016

  1. Fix for 2 vulnerable dependency paths

    nodist currently has 2 vulnerable dependencies, introducing 3 different types of known vulnerabilities.
    
    [ReDOS vulnerability](https://snyk.io/vuln/npm:tough-cookie:20160722) in the `tough-cookie` dependency and [remote memory exposure](https://snyk.io/vuln/npm:request:20160119) vulnerability in the `request` dependency.
    
    You can see the [Snyk test report](https://snyk.io/test/github/marcelklehr/nodist) of this project for details.
    
    This PR changes `Package.json` to upgrade `request` to the newer 2.74.0 version, and will fix all the vulnerabilities listed above.
    You can get alerts and fix PRs for future vulnerabilities for free by [watching this repo with Snyk](https://snyk.io/add).
    
    Note this PR fixes all the vulnerabilities introduced through the `request` dependency; in order to be vulnerability free you will need to upgrade the `recursive-readdir` dependency as well.
    
    Stay Secure,
    The Snyk Community
    snyk-community authored Sep 28, 2016
    4728ecd