cobyism
commented
7 years ago Thanks for the PR, @vinvasir! ❤️
Happy to merge this in, but it’s worth noting that the code in the current master branch, when deployed to Heroku, resolves the node version to 6.11.1 (see screenshot below):
Any deployments to Heroku made since the newly patched node versions were added to their stack should have ended up with this version, and thus should be secure.
There's a new patch out for Node that addresses a Constant Hashtable Seeds security vulnerability. I updated the package.json to make sure that existing installations of ghost-on-heroku use the new patch.