Skip to content
This repository has been archived by the owner on Sep 20, 2024. It is now read-only.

vulnerable dependencies #338

Closed
OliPicard opened this issue Jul 24, 2016 · 4 comments
Closed

vulnerable dependencies #338

OliPicard opened this issue Jul 24, 2016 · 4 comments

Comments

@OliPicard
Copy link
Contributor

The ws module needs to be updated to version 1.1.1 after it was discovered that 1.1.0 contained a attack vector that could allow DoS due to excessively large websocket message.

See https://nodesecurity.io/advisories/socketio_dos-due-to-excessively-large-websocket-message
@OliPicard
Copy link
Contributor Author

In addtion minimatch requires an update to 3.0.2 to resolve a possible regex DoS attack vector.

@OliPicard OliPicard changed the title Vunrable dependencies vulnerable dependencies Jul 24, 2016
@anonrig
Copy link
Contributor

anonrig commented Jul 24, 2016

You're right. Can you open a PR for this?

@OliPicard
Copy link
Contributor Author

@anonrig I have see #339

@anonrig
Copy link
Contributor

anonrig commented Jul 24, 2016

Thank you! Merged.

@anonrig anonrig closed this as completed Jul 24, 2016
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@anonrig @OliPicard