Please bump request dependency version to >= 2.83.0 #322

Closed
HowWeRollingham opened this issue Sep 29, 2017 · 7 comments

@HowWeRollingham

Request 2.81.0 currently specified contains a ReDoS vulnerability.

This is fixed as of version 2.83.0.

@dancrumb

PR #321 addresses this

@springmeyer
Contributor

Currently locked on older request due to #319. I will be releasing a newer node-pre-gyp series that drops node v0.10.x support in the coming weeks.

@christemple

@springmeyer any updates on this?

@springmeyer
Contributor

@christemple thanks for the ping. Unfortunately no, but on my list. Will close this as soon as I have time to do a release.

@wtgtybhertgeghgtwtg

If old versions will be dropped, maybe #245 could be back on the table.

@springmeyer
Contributor

@wtgtybhertgeghgtwtg - yes, that can be back on the table once I start a release series (1.x) that does not support node v0.x (v0.10.x or v0.12.x).

@springmeyer
Contributor

This is fixed in the v0.7.0 release that just landed.
