search

GitbookIO / nuts

:chestnut: Releases/downloads server with auto-updater and GitHub as a backend
http://nuts.gitbook.com
Apache License 2.0
1.25k stars 299 forks source link

Fix for vulnerable dependency path #104

Open snyk-community opened 7 years ago

snyk-community commented 7 years ago

nuts currently has a 5 vulnerable dependency paths, introducing 2 different types of known vulnerabilities.

This PR fixes vulnerable dependency, remote memory exposure vulnerability in the request dependency.

You can see Snyk test report of this project for details.

This PR changes Package.json to upgrade request to the newer 2.74.0 version, and will fix the vulnerability listed above. You can get alerts and fix PRs for future vulnerabilities for free by watching this repo with Snyk.

Note this PR fixes all the vulnerabilities introduced trough request dependency, in order to be vulnerability free you will need to upgrade octocat,analytics-node and body-parser dependencies as well.

Stay Secure, The Snyk Team

loprima-l commented 1 year ago

Hi, I merged the project to a new repo to start maintain it, I would be glad if you can put your pull request here : https://github.com/loprima-l/nuts-2