tryfer / node-tryfer

A Node Zipkin Tracer Library.
Apache License 2.0
45 stars, 27 forks

Pull in qs security fix via request >=2.40.0 #21

Closed jkrems closed 10 years ago

jkrems commented 10 years ago

There are security issues with qs < 1.0

See: https://github.com/mikeal/request/commit/5955c365820dca48a5c6bdbeb48ef1962689794e

jkrems commented 10 years ago

Sorry about the second commit - the problem is that newer versions of request are using (or pulling in) caret ranges. Which means the choice is between "include code with known security issues" or "drop support for older versions of npm". Maybe there are other options I'm not seeing here though.

jkrems commented 10 years ago

I don't think it will be possible to make this work with node back to 0.6 since it looks like the more recent npm versions require os.tmpDir(). Not sure if dropping 0.6 support is an option for this project.

jkrems commented 10 years ago

Sorry for this, just realized that the version of request currently used in here is actually old enough that it doesn't have a dependency on qs yet. Sorry for the confusion. :)
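The three situations this thread runs through (a `qs` below 1.0 reached only through `request`, newer `request` releases declared with caret ranges that older npm does not understand, and a `request` old enough to have no `qs` dependency at all) can be checked mechanically from a dependency tree. The script below is an added example written for this page; it is not code from node-tryfer, request or qs. It assumes the tree is shaped like `npm ls --json` output (`{name, version, dependencies: {<name>: {version, dependencies}}}`), uses 1.0.0 as the fixed `qs` version because that is the threshold the thread gives, and evaluates only the range forms the thread mentions (exact, `>=x.y.z`, `~x.y.z`, `^x.y.z`) with a deliberately small evaluator rather than the `semver` package. All sample trees and version numbers are constructed for illustration.

```javascript
// Added example for this thread; not code from node-tryfer, request or qs.
// Walks a dependency tree in the (assumed) shape of `npm ls --json` output and
// reports every `qs` older than the version the thread treats as fixed (1.0.0).
// A small range evaluator covers the specifiers the thread mentions: exact,
// ">=x.y.z", "~x.y.z" and the caret "^x.y.z" that older npm releases reject.

function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error('not a plain x.y.z version: ' + v);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

function compareTuples(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function compareVersions(a, b) {
  return compareTuples(parseVersion(a), parseVersion(b));
}

// Caret: ^1.2.3 := >=1.2.3 <2.0.0; ^0.2.3 := >=0.2.3 <0.3.0; ^0.0.3 := >=0.0.3 <0.0.4
// Tilde: ~1.2.3 := >=1.2.3 <1.3.0
function satisfies(version, range) {
  const r = String(range).trim();
  if (r.startsWith('>=')) return compareVersions(version, r.slice(2)) >= 0;
  const base = parseVersion(r.replace(/^[~^]/, ''));
  const v = parseVersion(version);
  if (compareTuples(v, base) < 0) return false;
  let upper;
  if (r.startsWith('^')) {
    const [maj, min, pat] = base;
    if (maj > 0) upper = [maj + 1, 0, 0];
    else if (min > 0) upper = [0, min + 1, 0];
    else upper = [0, 0, pat + 1];
  } else if (r.startsWith('~')) {
    upper = [base[0], base[1] + 1, 0];
  } else {
    return compareTuples(v, base) === 0; // bare version: exact match only
  }
  return compareTuples(v, upper) < 0;
}

// Names of dependencies in a package.json-like manifest whose range uses a
// caret, i.e. the specifiers an npm that predates caret support will fail on.
function caretRanges(manifest) {
  return Object.entries(manifest.dependencies || {})
    .filter(([, range]) => String(range).trim().startsWith('^'))
    .map(([name]) => name);
}

// Depth-first walk; returns "root > dep > ... > qs@x.y.z" paths for every
// vulnerable qs. A tree that contains no qs at all simply yields no findings.
function findVulnerableQs(tree, fixedIn = '1.0.0', path = [], out = []) {
  const here = path.concat(tree.name + '@' + tree.version);
  if (tree.name === 'qs' && compareVersions(tree.version, fixedIn) < 0) {
    out.push(here.join(' > '));
  }
  for (const [name, dep] of Object.entries(tree.dependencies || {})) {
    findVulnerableQs(Object.assign({ name }, dep), fixedIn, here, out);
  }
  return out;
}

// Constructed sample trees (versions chosen for illustration only, not taken
// from any real lockfile or from node-tryfer's package.json).
const treeWithOldQs = {
  name: 'app', version: '1.0.0',
  dependencies: { request: { version: '2.36.0',
    dependencies: { qs: { version: '0.6.6' } } } },
};
const treeWithFixedQs = {
  name: 'app', version: '1.0.0',
  dependencies: { request: { version: '2.40.0',
    dependencies: { qs: { version: '1.0.2' } } } },
};
const treeWithoutQs = {
  name: 'app', version: '1.0.0',
  dependencies: { request: { version: '2.9.203' } },
};

console.log(findVulnerableQs(treeWithOldQs));   // one finding
console.log(findVulnerableQs(treeWithFixedQs)); // []
console.log(findVulnerableQs(treeWithoutQs));   // []
console.log(caretRanges({ dependencies: { qs: '^1.0.0', mime: '~1.2.9' } })); // ["qs"]
```

To run this against a real project, replace the constructed trees with `JSON.parse` of `npm ls --json` output; `caretRanges` is what you would point at the manifest of a candidate `request` release before deciding whether the caret specifiers it carries are acceptable for the npm versions you still want to support.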

cyli commented 10 years ago

@jkrems Thanks for trying to solve a potential security problem! I should really try to upgrade the dependencies at some point, in which case this would be really useful!