tj / node-growl

growl unobtrusive notification system for nodejs

Fix to resolve the command injection vulnerability. #62

Status: Closed (keymandll closed this pull request 7 years ago)

cristianstaicu commented 8 years ago

Great pull request! I hope it gets accepted! ;)

deiga commented 7 years ago

@tj Any way you could get this merged and released? :) It's not fun to just ignore security warnings https://nodesecurity.io/advisories/146

tj commented 7 years ago

I don't use node anymore, happy to add someone as maintainer.

deiga commented 7 years ago

@tj I'll volunteer to take the torch, even though I've not been a contributor to this project.

tj commented 7 years ago

grr can't sign into npm haha, so annoying having a separate registry, should have you added in a min

tj commented 7 years ago

k there we go, added!

ronkorving commented 7 years ago

Please merge and release this :) We have security alerts going off in both retire and nsp modules.

deiga commented 7 years ago

@keymandll Did you test if this works? When running node tests.js I get an error with Spawn.

laserlemon commented 6 years ago

@tj, @deiga :wave: Hello! I'm a GitHub staff member on the team responsible for sending security vulnerability alerts based on CVE reports. CVE-2017-16042 states that versions 1.10.0 and 1.10.1 of growl are vulnerable, although it seems as though this fix was merged prior to release of version 1.10.0. Could you please let me know the vulnerable/secure status of versions 1.10.0 and 1.10.1 with respect to this specific vulnerability?

Please reply as soon as possible. If we don't hear back within ~24 hours, we'll send alerts based on our best determination. Thank you!! :heart: :octocat:

deiga commented 6 years ago

@laserlemon You observed correctly that from 1.10.0 onwards growl should not be vulnerable to CVE-2017-16042 anymore. Why that report exists is beyond me, frankly.