ArkeologeN / node-linkedin

LinkedIn 2.0 wrapper in Node.js
MIT License
163 stars 78 forks

Security Vulnerabilities (NSP) - dependency upgrades #67

Closed YasharF closed 8 years ago

YasharF commented 8 years ago

$ nsp check

  1. Denial-of-Service Extended Event Loop Blocking
     Dependency: qs
     Installed: 0.6.6
     Vulnerable: <1.0.0
     Patched: >= 1.x
     Path: node-linkedin@0.5.3 > request@2.31.0 > qs@0.6.6
     More Info: https://nodesecurity.io/advisories/28

  2. Denial-of-Service Memory Exhaustion
     Dependency: qs
     Installed: 0.6.6
     Vulnerable: <1.0.0
     Patched: >= 1.x
     Path: node-linkedin@0.5.3 > request@2.31.0 > qs@0.6.6
     More Info: https://nodesecurity.io/advisories/29

  3. Regular Expression Denial of Service
     Dependency: hawk
     Installed: 1.0.0
     Vulnerable: < 3.1.3 || >= 4.0.0 <4.1.1
     Patched: >=3.1.3 < 4.0.0 || >=4.1.1
     Path: node-linkedin@0.5.3 > request@2.31.0 > hawk@1.0.0
     More Info: https://nodesecurity.io/advisories/77

  4. ReDoS via long string of semicolons
     Dependency: tough-cookie
     Installed: 0.9.15
     Vulnerable: >=0.9.7 <=2.2.2
     Patched: >=2.3.0
     Path: node-linkedin@0.5.3 > request@2.31.0 > tough-cookie@.
     More Info: https://nodesecurity.io/advisories/130
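As an added illustration, not nsp's or node-linkedin's own code, the script below evaluates the Vulnerable and Patched ranges from the report above against each Installed version in plain JavaScript. parseVersion, compareVersions, satisfies and audit are hypothetical helper names, and the comparator parser covers only the range syntax that appears in this report.

```javascript
// Added example, not nsp's or node-linkedin's code: a small evaluator for the
// comparator syntax in the nsp report above (>=, <=, >, <; space = AND; "||" = OR).
function parseVersion(v) {
  // "1.x" -> [1, 0, 0]: a wildcard component counts as 0 for range bounds
  return v.split('.').map(p => (/^\d+$/.test(p) ? parseInt(p, 10) : 0));
}

function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    const x = pa[i] || 0, y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

const OPS = { '>=': c => c >= 0, '<=': c => c <= 0, '>': c => c > 0, '<': c => c < 0, '=': c => c === 0 };

function satisfies(version, range) {
  // Every comparator inside one "||" alternative must hold; any alternative suffices
  return range.split('||').some(alt => {
    const parts = alt.match(/(>=|<=|>|<|=)?\s*[\d.x]+/g) || [];
    return parts.length > 0 && parts.every(part => {
      const m = /^(>=|<=|>|<|=)?\s*([\d.x]+)$/.exec(part.trim());
      return OPS[m[1] || '='](compareVersions(version, m[2]));
    });
  });
}

// Advisory fields transcribed from the nsp output in this issue (advisories 28/29 share one entry)
const advisories = [
  { dep: 'qs', installed: '0.6.6', vulnerable: '<1.0.0', patched: '>= 1.x' },
  { dep: 'hawk', installed: '1.0.0', vulnerable: '< 3.1.3 || >= 4.0.0 <4.1.1',
    patched: '>=3.1.3 < 4.0.0 || >=4.1.1' },
  { dep: 'tough-cookie', installed: '0.9.15', vulnerable: '>=0.9.7 <=2.2.2', patched: '>=2.3.0' },
];

// One {dep, installed, isVulnerable, isPatched} record per advisory; a package is
// only safe once isVulnerable is false and isPatched is true
function audit(entries) {
  return entries.map(e => ({
    dep: e.dep, installed: e.installed,
    isVulnerable: satisfies(e.installed, e.vulnerable),
    isPatched: satisfies(e.installed, e.patched),
  }));
}

console.log(audit(advisories));
```

Note that hawk's ranges have two alternatives, so a version such as 4.0.5 is inside the vulnerable range while 3.1.3 and 4.1.1 are inside the patched range; a naive "greater than patched" check would miss that.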
YasharF commented 8 years ago

It looks like request needs to be updated to the latest version to fix these.

YasharF commented 8 years ago

Can you do a package version for npm to get the repo code out? https://www.npmjs.com/package/node-linkedin is still pointing to the 8 mo old code.

ArkeologeN commented 8 years ago

done :)