Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update shrinkwrap and request dependency due to tough-cookie #21

Open
elkorep opened this issue Aug 9, 2017 · 1 comment
Open

Update shrinkwrap and request dependency due to tough-cookie #21

elkorep opened this issue Aug 9, 2017 · 1 comment

Comments

@elkorep
Copy link

elkorep commented Aug 9, 2017
edited
Loading

Update tough-cookie version to at least 2.3.0 https://github.com/krg7880/json-schema-generator/blob/master/npm-shrinkwrap.json#L150

Update request to v2.81.1
Reason being is that the dependency tough-cookie is v2.3.0 on that version while on request v2.47.x and v2.51.x uses tough-cookie v0.12.0 which has vulnerability issues

npm WARN deprecated [email protected]: ReDoS vulnerability parsing Set-Cookie https://nodesecurity.io/advisories/130

The latest request module has [email protected] which fixes this issue
@elkorep elkorep changed the title Update request dependency Update shrinkwrap and request dependency due to tough-cookie Aug 9, 2017
@smartmouse
Copy link

The issue has been resolved, Thanks to schadha-ibm and krg7880.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@smartmouse @elkorep