update github-url-to-object to avoid DoS vuln

nice-registry / nice-package

📦 Clean up messy package metadata from the npm registry

35 stars 7 forks source link

update github-url-to-object to avoid DoS vuln #20

Closed erulabs closed 6 years ago

erulabs commented 6 years ago

Hello!

Love the package! Recently SNYK issued a vulnerability report issued for a dependency, "github-url-to-object" (https://snyk.io/vuln/npm:github-url-to-object:20180226). That issue has been fixed in github-url-to-object version 4.

I've gone ahead and updated the dependency (all tests pass), and added node_modules to a .gitignore just for publishing sanity.

Let me know if I can do anything else to help!!

zeke commented 6 years ago

Thanks, @erulabs. I just published a new version 3.0.4.

I think we were in a room together at the Node Collaborator Summit in Berlin this summer, where you and a colleague gave a demo of some snazzy Node.js API docs. That was you, right?

erulabs commented 6 years ago

@zeke Yep, that was me - small world! Thanks for the merge, and good to run into ya again!

zeke commented 5 years ago

:tada: This PR is included in version 3.1.0 :tada:

The release is available on:

Your semantic-release bot :package::rocket: