zkat / make-fetch-happen

Get in loser, we're making requests!

Security advisory on http-proxy-agent & https-proxy-agent #53

Closed ghost closed 6 years ago

ghost commented 6 years ago

The joys of npm audit :)

https://nodesecurity.io/advisories/607 Versions of http-proxy-agent before 2.1.0 are vulnerable to denial of service and uninitialized memory leak when unsanitized options are passed to Buffer.

https://nodesecurity.io/advisories/593 Versions of http-proxy-agent before 2.1.0 are vulnerable to denial of service and uninitialized memory leak when unsanitized options are passed to Buffer.

Txs

SimenB commented 6 years ago

This repo uses 2.1.0 or newer for both, though?

https://github.com/zkat/make-fetch-happen/blob/508c0af20e02f86445fc9b278382abac811f0393/package.json#L39-L40

ghost commented 6 years ago

You're right, npm-profile is the issue. txs

CuAnnan commented 6 years ago

Yeah, sorry about that. Was about to close.
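As the thread shows, an `npm audit` hit can come from a copy of the package installed under another dependency rather than from the repo it was reported against. The sketch below is an added example, not code from this project or from npm: it walks a lockfile in the nested `lockfileVersion: 1` layout and reports every installed copy of the two proxy agents older than the 2.1.0 threshold quoted above. The lockfile contents and the `example-*` package names are constructed.

```javascript
// Thresholds as quoted in the thread; adjust to the advisory you are checking.
const FIXED = new Map([
  ['http-proxy-agent', '2.1.0'],
  ['https-proxy-agent', '2.1.0'],
]);

// Numeric comparison of plain x.y.z versions (prerelease tags not handled).
function isBelow(version, minimum) {
  const a = version.split('.').map(Number);
  const b = minimum.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if ((a[i] || 0) !== (b[i] || 0)) return (a[i] || 0) < (b[i] || 0);
  }
  return false;
}

// Collect each outdated copy with its install path, plus every package in
// the lockfile that names it under "requires" (regardless of which copy).
function findVulnerable(lock) {
  const hits = [];
  const listedBy = new Map();
  (function walk(deps, path) {
    for (const [name, info] of Object.entries(deps || {})) {
      const here = path.concat(name);
      for (const req of Object.keys(info.requires || {})) {
        listedBy.set(req, (listedBy.get(req) || []).concat(name));
      }
      if (FIXED.has(name) && typeof info.version === 'string' &&
          isBelow(info.version, FIXED.get(name))) {
        hits.push({ name, version: info.version, installPath: here.join(' > ') });
      }
      walk(info.dependencies, here);
    }
  })(lock.dependencies, []);
  return hits.map(h => ({ ...h, listedBy: listedBy.get(h.name) || [] }));
}

// Constructed lockfile: the top-level copy is fine, the nested one is not.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    'http-proxy-agent': { version: '2.1.0' },
    'example-parent': {
      version: '1.0.0',
      requires: { 'https-proxy-agent': '^2.0.0' },
      dependencies: { 'https-proxy-agent': { version: '2.0.0' } },
    },
  },
};
console.log(findVulnerable(sampleLock));
```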