Macil / browserify-hmr

Hot Module Replacement plugin for Browserify
MIT License
Add check for Origin & Host headers #45

Closed jeremija closed 5 years ago

jeremija commented 5 years ago

closes #41, closes #43

This commit is an attempt to fix the issue in NPM security advisory:

https://www.npmjs.com/advisories/726

Further reading:

Macil commented 5 years ago

Thanks!

jeremija commented 5 years ago

Thanks for merging! I noticed you published a new version on NPM, but the advisory still says version 0.4.0 is affected.

Do you happen to know how to change this?

Macil commented 5 years ago

I don't know why it lists 0.4.0 as an affected version. I've messaged npm support about it.

jeremija commented 5 years ago

I sent them an email too yesterday. Looks like they have affected versions hardcoded. This is a part of the output of npm audit --json:

  "vulnerable_versions": "*",
  "patched_versions": "<0.0.0",

jeremija commented 5 years ago

Looks like they fixed it! 👍
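
The kind of check named in this pull request's title, as an added example that is not code from the pull request or from browserify-hmr: a development server accepts a WebSocket handshake only when both the Host and the Origin header name an allowlisted local hostname. The function names, the allowlist and the sample header values are assumptions made for illustration.

```javascript
// Added example, not code from the pull request or from browserify-hmr.
// All names and sample header values here are hypothetical / constructed.
const ALLOWED_HOSTNAMES = new Set(['localhost', '127.0.0.1', '[::1]']);

// Hostname from a Host header value: "name", "name:port" or "[v6]:port".
function hostnameFromHostHeader(value) {
  // Reject anything that is not a bare host[:port] before parsing.
  if (typeof value !== 'string' || value === '' || /[\/\\?#@\s]/.test(value)) return null;
  try {
    return new URL('http://' + value).hostname;
  } catch (e) {
    return null;
  }
}

// Hostname from an Origin header value; must be a bare http(s) origin.
function hostnameFromOrigin(value) {
  if (typeof value !== 'string') return null;
  try {
    const u = new URL(value);
    if (u.protocol !== 'http:' && u.protocol !== 'https:') return null;
    // Re-serializing must give the same string, so "null", paths and userinfo fail.
    return u.origin === value ? u.hostname : null;
  } catch (e) {
    return null;
  }
}

// headers: Node-style object with lowercased header names (as in req.headers).
function isUpgradeAllowed(headers, allowed = ALLOWED_HOSTNAMES) {
  // Host check: the request must be addressed to an expected local name.
  const host = hostnameFromHostHeader(headers.host);
  if (host === null || !allowed.has(host)) return false;
  // Origin check: the page opening the socket must itself be local.
  // A missing Origin is treated as untrusted in this sketch.
  const origin = hostnameFromOrigin(headers.origin);
  return origin !== null && allowed.has(origin);
}

// Constructed sample handshakes (not captured traffic).
const samples = [
  { host: 'localhost:3123', origin: 'http://localhost:8080' },   // accepted
  { host: 'localhost:3123', origin: 'https://other.example' },   // foreign page
  { host: 'other.example:3123', origin: 'http://other.example:3123' }, // unexpected Host
  { host: 'localhost:3123' },                                    // no Origin
];
for (const h of samples) {
  console.log(JSON.stringify(h), '=>', isUpgradeAllowed(h) ? 'accept' : 'reject');
}
```

In a Node server the check would run on the `upgrade` request before the WebSocket is established, with a rejected handshake closed without any HMR traffic being sent.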