Closed jonathanpdiaz closed 6 years ago
Hi @rjz,
We just bumped our stack to Node 10 and NPM6 and I got this report from npm audit from this lib.
│ Low           │ Large gzip Denial of Service               │
│ Package       │ superagent                                 │
│ Patched in    │ >=3.7.0                                    │
│ Dependency of │ supertest-session [dev]                    │
│ Path          │ supertest-session > supertest > superagent │
│ More info     │ https://nodesecurity.io/advisories/479     │
I have tried updating supertest to 3.1.0 locally: tests are passing, our projects haven't had issues, and the security issue is resolved.
Would you consider updating this dependency to remove the warning? I can send a PR if you prefer, just let me know.
Thanks!
Absolutely, @jonathanpdiaz, and thanks for reporting this! v3.3.0 bumps the dependency version.