Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix/mute nsp errors #684

Merged
merged 1 commit into from
Sep 28, 2017
Merged

Fix/mute nsp errors #684

merged 1 commit into from
Sep 28, 2017

Conversation

tripu
Copy link
Member

@tripu tripu commented Sep 27, 2017
edited
Loading

  • Express: I rejected greenkeeper's automatic upgrade to that pre-release earlier today, as I usually do, without realising it's the best way to prevent one of the vulnerabilities. Using that now.
  • superagent: not fixed anywhere. Added exception for now.
  • socket.io: dependency not fixed anywhere. Added exception for now.

After merging: please tag Specberus with a new patch number (3.4.1) and publish it on npm, so that w3c/echidna#497 can pick it up.

@tripu tripu added the security label Sep 27, 2017
@tripu tripu requested a review from deniak September 27, 2017 16:45
@tripu tripu mentioned this pull request Sep 27, 2017
Merged
@deniak deniak merged commit 45429ba into master Sep 28, 2017
@deniak
Copy link
Member

deniak commented Sep 28, 2017

@tripu I merged your PR but I missed that the new express release brought its own nsp vulnerability. I didn't close the branch so you can add https://nodesecurity.io/advisories/535 to the list.

@tripu tripu mentioned this pull request Sep 28, 2017
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@deniak deniak Awaiting requested review from deniak

Assignees
No one assigned
Labels
security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tripu @deniak