search

criso / fbgraph

NodeJs module to access the facebook graph api
http://criso.github.io/fbgraph/
1.09k stars 177 forks source link

Tough-cookie package vulnerability #105

Closed freakyfriday closed 7 years ago

freakyfriday commented 7 years ago

There is a vulnerability in the tough-cookie package used by the current request package version 2.69.0

See https://nodesecurity.io/advisories/130

Please upgrade the request package to version 2.74.1 as this uses the tough-cookie package 2.3.0 which doesn't have the above mentioned vulnerability.

sheerlox commented 7 years ago

Good !

freakyfriday commented 7 years ago

Thanks Pierre :-) and thank you for building such a cool library.

cheers

Francesco

On Mon, Jul 25, 2016 at 9:02 PM, Pierre CAVIN notifications@github.com wrote:

Good !

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/criso/fbgraph/issues/105#issuecomment-234924098, or mute the thread https://github.com/notifications/unsubscribe-auth/AH_kqCDLsP8UukXd1IoE1-59RpP_ETPaks5qZJfGgaJpZM4JTgjQ .

sheerlox commented 7 years ago

@freakyfriday I'm not the developer ^^

criso commented 7 years ago

It seems that 2.74.1 isn't on npm yet. I've changed to 2.74.x so, we should be getting the update when possible. Great catch! Thanks!