Closed pdehaan closed 9 years ago
:+1:
Hi @pdehaan @jbender this vulnerability is breaking my pipeline as you've never pushed to npmjs.org since making the change.
Can I ask when you plan to do a version bump?
Hi I can bump next Tues when I'm back at work. Sorry it can't be sooner.
On Fri, Jun 26, 2015 at 11:14 AM, Karl Stoney notifications@github.com wrote:
> Hi @pdehaan @jbender this vulnerability is breaking my pipeline as you've never pushed to npmjs.org since making the change.
> Can I ask when you plan to do a version bump?
>
> Reply to this email directly or view it on GitHub: https://github.com/danwrong/restler/issues/186#issuecomment-115596005
@easternbloc That'd be great, thanks! Please let me know when you've done it
@easternbloc polite ping/reminder :) We have a release tomorrow and would be great to get this in for that.
@Stono done :love_letter:
@easternbloc legend, thank you. You may wanna close #216 as completed
Re:
https://blog.liftsecurity.io/2014/08/06/denial-of-service-in-qs
https://nodesecurity.io/advisories/qs_dos_extended_event_loop_blocking
https://nodesecurity.io/advisories/qs_dos_memory_exhaustion
The hapijs/qs module should be updated to the latest 1.x (I believe the current latest is qs@1.2.0 already).
Steps to reproduce:
Clone repo:
Install modules:
Create npm-shrinkwrap file, including `devDependencies`:
Install the `nsp` module globally:
Check the newly generated npm-shrinkwrap.json file against the nodesecurity.io database:
And I was grabbing the latest versions of the modules in package.json using `npm outdated`:
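As an added illustration of the shrinkwrap check described in the steps above (this is not code from the issue or from the restler project): a small Node.js walker that finds every nested copy of `qs` in an npm-shrinkwrap.json tree and reports the ones below 1.x. The function names, the sample tree and all version numbers in it are constructed, and the 1.0.0 threshold is an assumption taken from the issue's request to move to the latest 1.x.

```javascript
'use strict';

// Assumption: the issue asks for qs 1.x, so any copy below 1.0.0 is flagged.
const MIN_SAFE_MAJOR = 1;

// Recursively walk the nested "dependencies" tree of an npm-shrinkwrap.json
// and collect every copy of `name` together with the path that pulls it in.
function findModule(tree, name, trail = []) {
  const hits = [];
  const deps = (tree && tree.dependencies) || {};
  for (const [depName, info] of Object.entries(deps)) {
    const path = trail.concat(depName);
    if (depName === name) {
      hits.push({ path: path.join(' > '), version: info.version });
    }
    hits.push(...findModule(info, name, path));
  }
  return hits;
}

// A version that cannot be parsed (missing, git URL) is flagged for review.
function isOutdated(version) {
  const major = parseInt(String(version).split('.')[0], 10);
  return Number.isNaN(major) || major < MIN_SAFE_MAJOR;
}

function auditQs(shrinkwrap) {
  return findModule(shrinkwrap, 'qs').filter((hit) => isOutdated(hit.version));
}

// Constructed sample; the version numbers are illustrative, not real releases.
const sampleShrinkwrap = {
  name: 'example-app',
  dependencies: {
    restler: { version: '0.0.0', dependencies: { qs: { version: '0.6.6' } } },
    qs: { version: '1.2.0' },
    'example-dev-tool': {
      version: '1.0.0',
      dependencies: {
        'example-http': { version: '2.0.0', dependencies: { qs: { version: '0.5.3' } } },
      },
    },
  },
};

for (const hit of auditQs(sampleShrinkwrap)) {
  console.log(`outdated qs ${hit.version} via ${hit.path}`);
}
```

The path in each hit shows which parent module still pins the old copy, which is the module that needs the version bump.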