Closed jkrems closed 10 years ago
Sorry about the second commit - the problem is that newer versions of request are using (or pulling in) caret ranges. Which means the choice is between "include code with known security issues" or "drop support for older versions of npm". Maybe there are other options I'm not seeing here though.
I don't think it will be possible to make this work with node back to 0.6 since it looks like the more recent npm versions require os.tmpDir()
. Not sure if dropping 0.6 support is an option for this project.
Sorry for this, just realized that the version of request currently used in here is actually old enough that it doesn't have a dependency on qs
yet. Sorry for the confusion. :)
@jkrems Thanks for trying to solve a potential security problem! I should really try to upgrade the dependencies at some point, in which case this would be really useful!
There are security issues with qs < 1.0
See: https://github.com/mikeal/request/commit/5955c365820dca48a5c6bdbeb48ef1962689794e