ReDoS vulnerability parsing Set-Cookie

MitocGroup / recink

REciNK - Rethink Continuous Integration for JavaScript Applications

https://www.npmjs.org/package/recink

Mozilla Public License 2.0

14 stars 5 forks source link

ReDoS vulnerability parsing Set-Cookie #82

Open eistrati opened 6 years ago

eistrati commented 6 years ago

npm WARN deprecated tough-cookie@0.9.14: ReDoS vulnerability parsing Set-Cookie https://nodesecurity.io/advisories/130

eistrati commented 6 years ago

While here, please check all dependencies that throw warnings:

1) npm WARN deprecated tough-cookie@0.9.14: ReDoS vulnerability parsing Set-Cookie https://nodesecurity.io/advisories/130
2) npm WARN deprecated node-uuid@1.3.3: Use uuid module instead
3) npm WARN deprecated connect@2.7.10: connect 2.x series is deprecated
4) npm WARN deprecated CSSselect@0.7.0: the module is now available as 'css-select'
5) npm WARN deprecated CSSwhat@0.4.7: the module is now available as 'css-what'

ddimitrioglo commented 6 years ago

1) Requested an enhancement https://github.com/DevExpress/testcafe/issues/1949 2) Requested an enhancement https://github.com/DevExpress/testcafe/issues/1950

ddimitrioglo commented 6 years ago

@eistrati after switching to testcafe@0.18.4 now we have only one warning:

npm WARN deprecated node-uuid@1.4.8: Use uuid module instead

which is a dependency of request which is dependency of travis-ci

P.S. I've opened an issue

ddimitrioglo commented 6 years ago

@avozicov I've upgraded testcafe package, please let me know if it fixed the issue P.S. It will be testable right after releasing recink

avozicov commented 6 years ago

Test Failed

the warning with deprecated node-uuid@1.4.8: still displaying during recink install

Please refer to attachment for more details: