strongloop / strong-remoting

Communicate between objects in servers, mobile apps, and other servers.
www.strongloop.com

Update minimum request version to enforce security fix in tough-cookie dependency #425

Closed quentinR closed 7 years ago

quentinR commented 7 years ago

Update the version of the request dependency, due to a security issue in the tough-cookie library.

The tough-cookie module is vulnerable to regular expression denial of service. Input of around 50k characters is required for a slowdown of around 2 seconds.

tough-cookie vulnerability request update
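A way to confirm that a bump like this one actually reaches every installed copy, as an added example that is not part of the original thread or the strong-remoting code: it walks a lockfile tree and reports which tough-cookie version each package that requires it really loads. Assumptions: the npm `package-lock.json` lockfileVersion 1 layout, the hypothetical package `old-client`, and constructed version numbers throughout, including the `MIN_FIXED` placeholder.

```javascript
// Added example. Assumes package-lock.json lockfileVersion 1 layout.
// Every version below is constructed; MIN_FIXED is a placeholder for the
// fixed version named in the advisory.
const MIN_FIXED = '1.1.0';

const SAMPLE_LOCK = {
  requires: true, // the root of a v1 lockfile carries a boolean here
  dependencies: {
    request: { version: '1.2.0', requires: { 'tough-cookie': '~1.1.0' } },
    'tough-cookie': { version: '1.1.5' }, // hoisted copy
    'old-client': { version: '0.3.0', dependencies: { // hypothetical package
      request: { version: '1.0.0', requires: { 'tough-cookie': '~1.0.0' },
        dependencies: { 'tough-cookie': { version: '1.0.2' } } },
    } },
  },
};

// Numeric x.y.z comparison; prerelease and build suffixes are ignored.
function lessThan(a, b) {
  const parse = (v) => (/^(\d+)\.(\d+)\.(\d+)/.exec(v) || []).slice(1).map(Number);
  const [x, y] = [parse(a), parse(b)];
  if (x.length !== 3 || y.length !== 3) return true; // unparseable: flag for review
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i];
  return false;
}

// Node resolution: a package loads the copy nested under itself first,
// then under each ancestor, ending at the top-level node_modules.
function resolve(chain, name) {
  for (let i = chain.length - 1; i >= 0; i--) {
    const hit = (chain[i].dependencies || {})[name];
    if (hit) return hit.version;
  }
  return null;
}

// List every package that requires `name`, with the version it actually loads.
function requirers(node, name, chain = [node], path = [], out = []) {
  if (node.requires && typeof node.requires === 'object' && name in node.requires) {
    out.push({ requiredBy: path.join(' > '), resolved: resolve(chain, name) });
  }
  for (const [dep, info] of Object.entries(node.dependencies || {})) {
    requirers(info, name, [...chain, info], [...path, dep], out);
  }
  return out;
}

// Requirers whose resolved copy is missing or older than the fixed version.
const stale = (lock, name, min) =>
  requirers(lock, name).filter((r) => !r.resolved || lessThan(r.resolved, min));
console.log(stale(SAMPLE_LOCK, 'tough-cookie', MIN_FIXED));
```

On the constructed sample, the top-level `request` resolves to the hoisted, fixed copy, while the `request` nested under `old-client` still loads its own older copy and is the one reported.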

slnode commented 7 years ago

Can one of the admins verify this patch? To accept patch and trigger a build add comment ".ok\W+to\W+test."

bajtos commented 7 years ago

@slnode ok to test

quentinR commented 7 years ago

@bajtos thanks for the review, I updated my PR regarding your comment. Let me know if you want me to squash the commits.

bajtos commented 7 years ago

Landed, thank you for the contribution! 👍