Limit maximum response size #1259
Comments
Heads up, this is blocking my company's CI builds - would appreciate a speedy fix if it's possible. Edit: see https://nodesecurity.io/advisories/479 |
Could you help by making a pull request? |
I'm in to help, breaking our builds as well (for the time being @letsgolesco you can use a |
To ignore for now, add the following to an {
"exceptions": ["https://nodesecurity.io/advisories/479"]
} |
Fixed in v3.7.0 |
update superagent dependency to ensure security fix: ladjs/superagent#1259 https://nodesecurity.io/advisories/479
This is still showing on https://nodesecurity.io/advisories/479 as not fixed, so I've dropped them an email to update the advisory :-) |
It's updated now 🎉 |
Can someone point me to where it is explained how to set a maximum response size? I would like to download more than 200MB, but I can't find how to specify a bigger number. |
In case someone stumbles upon this issue, the maximum response size can be changed via the method `superagent.get(url).maxResponseSize(4000000000)` |
Superagent buffers and uncompresses responses in memory. A malicious server could send an extremely large response, causing superagent to use excessive amounts of memory.
I suggest adding a way to set a maximum response size, and have a default limit set.
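
A limit of the kind requested above has to cover decompressed bytes as well as bytes on the wire, since a few KiB of gzip can inflate to many MiB. The following is an added example, not part of the thread and not superagent's implementation; `bufferBody`, `ResponseTooLargeError` and the `ERESPONSETOOLARGE` code are hypothetical names, and the payloads are constructed.

```javascript
// Added example (not superagent's code). bufferBody, ResponseTooLargeError and
// the ERESPONSETOOLARGE code are hypothetical names chosen for illustration.
const zlib = require('node:zlib');

class ResponseTooLargeError extends Error {
  constructor(limit) {
    super(`response exceeds limit of ${limit} bytes`);
    this.code = 'ERESPONSETOOLARGE';
  }
}

// Buffer a body that arrives in chunks, enforcing maxBytes twice: on the bytes
// received from the wire and on the bytes produced by decompression.
function bufferBody(chunks, { gzip = false, maxBytes }) {
  let received = 0;
  const parts = [];
  for (const chunk of chunks) {
    received += chunk.length;
    // Stop reading as soon as the limit is crossed, not after the body ends.
    if (received > maxBytes) throw new ResponseTooLargeError(maxBytes);
    parts.push(chunk);
  }
  const wire = Buffer.concat(parts, received);
  if (!gzip) return wire;
  try {
    // maxOutputLength makes zlib abort mid-inflate, so a small compressed
    // payload cannot expand into an arbitrarily large buffer.
    return zlib.gunzipSync(wire, { maxOutputLength: maxBytes });
  } catch (err) {
    if (err.code === 'ERR_BUFFER_TOO_LARGE') throw new ResponseTooLargeError(maxBytes);
    throw err;
  }
}

// Constructed sample input: 8 MiB of zeros compresses to a few KiB.
function demo() {
  const limit = 1024 * 1024; // 1 MiB cap for the demonstration
  const bomb = zlib.gzipSync(Buffer.alloc(8 * 1024 * 1024));
  const small = zlib.gzipSync(Buffer.from('{"ok":true}'));
  const outcome = (chunks, gzip) => {
    try { return bufferBody(chunks, { gzip, maxBytes: limit }).length; }
    catch (err) { return err.code; }
  };
  return {
    bombWireBytes: bomb.length,
    bomb: outcome([bomb], true),
    small: outcome([small], true),
    plainOversized: outcome([Buffer.alloc(limit), Buffer.alloc(1)], false),
  };
}

console.log(demo());
```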