Skip to content
This repository has been archived by the owner on Feb 1, 2020. It is now read-only.

Update package.json #55

Merged
merged 1 commit into from
Oct 19, 2017
Merged

Update package.json #55

merged 1 commit into from
Oct 19, 2017

Conversation

modosc
Copy link
Contributor

@modosc modosc commented Oct 19, 2017

update superagent dependency to ensure security fix:

ladjs/superagent#1259
https://nodesecurity.io/advisories/479

@modosc
Update package.json
61dd63d 
update superagent dependency to ensure security fix:

ladjs/superagent#1259
https://nodesecurity.io/advisories/479
@crookedneighbor crookedneighbor merged commit e59725b into crookedneighbor:master Oct 19, 2017
@modosc
Copy link
Contributor Author

modosc commented Oct 20, 2017

thanks - any chance of getting a release out soon with this in it?

@crookedneighbor
Copy link
Owner

It shouldn't be urgent. The only people who are actually affected by this are people using an affected version of superagent in their parent app.

If you're using v3.7.0+ in your app, or not using superagent at all, you should get the latest v3 version of superagent when you npm install.

This PR only really fixes it for people who are pinned to a specific version of superagent between 3.3.1 and 3.7.0 in their own package.json. In which case, they're likely to be affected by it directly, instead of through the amplitude request.

I want to do a little work on this package before the next release. Shouldn't be too long.

Let me know if you think there's a reason to be more urgent about getting this out.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@modosc @crookedneighbor