krg7880 / json-schema-generator

Generates draft v4 schema from a local file or a remote JSON url.
MIT License

Update shrinkwrap and request dependency due to tough-cookie #21

Open elkorep opened 7 years ago

elkorep commented 7 years ago

Update tough-cookie version to at least 2.3.0
https://github.com/krg7880/json-schema-generator/blob/master/npm-shrinkwrap.json#L150

# Update request to v2.81.1

The reason is that the dependency tough-cookie is v2.3.0 on that version, while request v2.47.x and v2.51.x use tough-cookie v0.12.0, which has vulnerability issues.

npm WARN deprecated tough-cookie@2.2.2: ReDoS vulnerability parsing Set-Cookie https://nodesecurity.io/advisories/130

The latest request module has tough-cookie@2.3.0, which fixes this issue.
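Added example, not part of the original comment or the project's code: a dependency-free Node.js check that walks a nested `npm-shrinkwrap.json` tree and lists every pinned copy of tough-cookie below 2.3.0, including copies nested under `request`. The function names, the `example-app` and `other-client` packages and the sample tree are constructed for illustration; the sample is not the repository's real shrinkwrap file.

```javascript
// Minimum version the issue asks for ("at least 2.3.0").
const MIN_FIXED = [2, 3, 0];

// Parse "major.minor.patch", ignoring any prerelease/build suffix.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True when version triple a sorts strictly before b.
function isOlder(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Returns [{ path, version }] for each pinned copy of `name` below `min`.
function findOutdated(tree, name = 'tough-cookie', min = MIN_FIXED, trail = []) {
  const hits = [];
  for (const [dep, info] of Object.entries(tree.dependencies || {})) {
    const path = trail.concat(dep);
    if (dep === name) {
      const ver = parseVersion(info.version);
      // Unparseable versions are reported too, so they get a manual look.
      if (!ver || isOlder(ver, min)) {
        hits.push({ path: path.join(' > '), version: info.version });
      }
    }
    hits.push(...findOutdated(info, name, min, path)); // nested pins
  }
  return hits;
}

// Constructed sample in the nested shrinkwrap layout (hypothetical packages).
const sampleShrinkwrap = {
  name: 'example-app',
  dependencies: {
    request: { version: '2.51.0', dependencies: { 'tough-cookie': { version: '0.12.0' } } },
    'other-client': {
      version: '1.0.0',
      dependencies: {
        request: { version: '2.81.1', dependencies: { 'tough-cookie': { version: '2.3.0' } } },
      },
    },
    'tough-cookie': { version: '2.2.2' },
  },
};

const report = findOutdated(sampleShrinkwrap);
report.forEach((h) => console.log(`${h.path}: ${h.version}`));
```

To run it against a real project, replace `sampleShrinkwrap` with `JSON.parse(fs.readFileSync('npm-shrinkwrap.json', 'utf8'))`.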

smartmouse commented 6 years ago

The issue has been resolved. Thanks to schadha-ibm and krg7880.