---------- Forwarded message ---------
From: Heroku <no-reply@heroku.com <mailto:no-reply@heroku.com>>
Date: Wed, Jul 12, 2017 at 9:10 PM
Subject: [software] [ACTION REQUIRED] Follow-up: Node.js security update on Heroku
Hello,
Earlier today, we notified you that you had one or more Node.js applications affected by a recent vulnerability <http://hello.heroku.com/e/36622/y-july-2017-security-releases-/cqwlkl/643538443>. We sincerely apologize if the email you received did not include the list of affected applications.
Note: Apps that have already been upgraded will appear in this list.
Upgrading
1. Review your package.json file. You need to assure your engines section specifies a version that is not vulnerable: 4.8.4, 6.11.1, 7.10.1, or 8.1.4. If you do not specify a version, 6.11.1 will be used automatically. Please see Specifying a Node.js version <http://hello.heroku.com/e/36622/t-specifying-a-node-js-version/cqwlkn/643538443> for details.
2. Push a new commit to your app, which will cause a deploy. For example:
$ heroku git:clone -a APPNAME
# review your package.json and edit if necessary (see above)
$ git add package.json
$ git commit --allow-empty -m "Upgrade Node.js version"
$ git push heroku master
If you have any additional questions, please view our detailed FAQ <http://hello.heroku.com/e/36622/htable-seeds-vulnerability-faq/cqwlkq/643538443>.
Heroku, 650 7th Street
San Francisco, CA 94103
@prattsj commented on Thu Jul 13 2017