Closed pasqLisena closed 6 years ago
Hi @pasqLisena , thanks for the detailed question, As you pointed out few weeks ago i updated the library because i was having some troubles on the continuos integration on Travis, most likely related to that vulnerability issue on hawk, apparently a quite common problem, that was preventing the build to pass. That's why i locked the library (<2.81) to a version that didn't raise the problem. The last version (2.87) thanks for your suggestion is working fine, no error has been raised from Travis.
I've just made a new release. Thanks :)
Thanks @kinotto , I confirm that all the security problems are now fix 👍
great @pasqLisena 👍
Hello, in my project I have some vulnerabilities that depends on your library (see logs below).
They depend on the use of old version of the
hawk
library imported byrequest
. They already solved the problem because, since version 2.87,request
is using a local implementation of hawk.I see that you recently downgraded
request
to 2.81. Why this downgrade? Any chances to upgrade to 2.87 and solve the vulnerability issue?LOGS coming from
npm audit