TritonDataCenter / node-http-signature

Reference implementation of Joyent's HTTP Signature Scheme
https://tritondatacenter.com
MIT License
405 stars 118 forks

Security: Update dependency sshpk #84

Closed FantasticFiasco closed 5 years ago

FantasticFiasco commented 5 years ago

I am indirectly referencing your package, and GitHub has warned me that your current package version is referencing a version of sshpk that has a security issue (for more information see NVD).

Would it be possible for you to update your dependency towards sshpk?

nilsmagnus commented 5 years ago

Snyk also warns me about the dependency sshpk of this package. Upgrade to version 1.14.2 or later to redeem this issue. Read the full description of the issue at https://app.snyk.io/vuln/npm:sshpk:20180409

FantasticFiasco commented 5 years ago

I've worked around the issue by using the resolutions functionality of yarn. Package owner can close this issue if he or she wants.
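
A way to confirm that a pin like the yarn resolutions workaround above took effect, as an added example that is not part of the original thread or the project's code: it scans yarn.lock (v1 format) text for sshpk entries that resolve below 1.14.2, the fixed version named in the thread. The function names and the lockfile excerpts are constructed for illustration.

```javascript
// Added example: flag yarn.lock (v1) entries for a package that resolve below a minimum version.

// Compare "major.minor.patch" strings numerically; prerelease tags are ignored (simplification).
function lessThan(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const x = pa[i] || 0, y = pb[i] || 0;
    if (x !== y) return x < y;
  }
  return false;
}

// Return every lockfile entry for `name` whose resolved version is below `minVersion`.
function findOutdated(lockText, name, minVersion) {
  const hits = [];
  let current = null; // specifiers of the matching entry being read, or null
  for (const line of lockText.split(/\r?\n/)) {
    if (/^\S.*:$/.test(line) && !line.startsWith('#')) {
      // Entry header, e.g.  sshpk@^1.7.0, "sshpk@^1.14.1":
      const specs = line.slice(0, -1).split(',').map(s => s.trim().replace(/^"|"$/g, ''));
      current = specs.some(s => s.startsWith(name + '@')) ? specs : null;
    } else if (current) {
      const m = /^ {2}version "([^"]+)"$/.exec(line);
      if (m) {
        if (lessThan(m[1], minVersion)) hits.push({ specifiers: current, version: m[1] });
        current = null;
      }
    }
  }
  return hits;
}

// Constructed lockfile excerpt (not taken from a real project).
const SAMPLE_BEFORE = [
  '# yarn lockfile v1',
  '',
  'http-signature@~1.2.0:',
  '  version "1.2.0"',
  '  dependencies:',
  '    sshpk "^1.7.0"',
  '',
  'sshpk@^1.7.0:',
  '  version "1.13.1"',
  '',
].join('\n');
// Same excerpt after the transitive dependency has been pinned to the fixed release.
const SAMPLE_AFTER = SAMPLE_BEFORE.replace('"1.13.1"', '"1.14.2"');

console.log(findOutdated(SAMPLE_BEFORE, 'sshpk', '1.14.2'));
```

Run it in CI against the real `yarn.lock` contents and fail the build when the returned list is non-empty, so a later lockfile regeneration cannot silently drop the pin.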