Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Skip sending the proxyReq event when the expect header is present #1447

Merged
merged 2 commits into from May 17, 2020

Conversation

@jsmylnycky
Copy link
Contributor

@jsmylnycky jsmylnycky commented May 15, 2020

Hotfix for https://www.npmjs.com/advisories/1486

Expecting build error due to Node 6. Waiting for #1397 to be merged to have a clean CI build.

Smylnycky, Jason M
@jimmyandrade
Copy link

@jimmyandrade jimmyandrade commented May 16, 2020

+1

@alexgvozden
Copy link

@alexgvozden alexgvozden commented May 17, 2020

will anyone merge this if it solves the issue?

@amitmula
Copy link

@amitmula amitmula commented May 17, 2020

Any ETA on when this is getting merged ?

@Hypnosphi
Copy link

@Hypnosphi Hypnosphi commented May 17, 2020

@indexzero @jcrugzz looks like this requires your immediate attention

@indexzero
Copy link
Contributor

@indexzero indexzero commented May 17, 2020

My children are the only thing that requires immediate attention, sorry. Software happens during normal working hours. Didn't get to this on Friday, therefore it will be tomorrow.

Jarrett may have a moment, I have asked him.

@jcrugzz
Copy link
Contributor

@jcrugzz jcrugzz commented May 17, 2020

@jsmylnycky thanks for the work here. Will release this fix in a few

@jcrugzz jcrugzz merged commit 335aeeb into master May 17, 2020
0 of 2 checks passed
0 of 2 checks passed
continuous-integration/travis-ci/pr The Travis CI build failed
Details
continuous-integration/travis-ci/push The Travis CI build failed
Details
@jcrugzz jcrugzz deleted the hotfix/advisory-1486 branch May 17, 2020
@jcrugzz
Copy link
Contributor

@jcrugzz jcrugzz commented May 17, 2020

published as 1.18.1

@chimurai chimurai mentioned this pull request May 17, 2020
1 of 2 tasks complete
@fabb
Copy link

@fabb fabb commented May 18, 2020

Have you informed npm support to whitelist this version? Currently it‘s still blacklisted: https://www.npmjs.com/advisories/1486/versions
The support usually resolves such inquiries within a few hours: security@npmjs.com

@Hypnosphi
Copy link

@Hypnosphi Hypnosphi commented May 18, 2020

@indexzero that's understandable, sorry for my wording. But the vulnerability seems reported almost 3 months ago. Do you consider adding more core maintainers as an option?

@jsmylnycky
Copy link
Contributor Author

@jsmylnycky jsmylnycky commented May 18, 2020

@Hypnosphi If you take a look at the top of the Issues page, there's two pinned posts going back to Aug/Sept, basically looking to get more people active with the future of this project. There's been very little activity from folks willing to actually jump in and contribute tho. If it is something you're interested in doing, I suggest you take a look at those posts and leave some comments to get in touch :)

@Lucidiot
Copy link

@Lucidiot Lucidiot commented May 18, 2020

Just out of curiosity, was the vulnerability actually reported to the maintainers? This would not be the first time nobody knows about the issue until the advisory goes public: sass/node-sass#2816 (comment)

@hendrikmolder
Copy link

@hendrikmolder hendrikmolder commented May 18, 2020

Have you informed npm support to whitelist this version? Currently it‘s still blacklisted: https://www.npmjs.com/advisories/1486/versions
The support usually resolves such inquiries within a few hours: security@npmjs.com

They've now marked the fixed version as unaffected

Copy link

@ryan-ally ryan-ally left a comment

good

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

You can’t perform that action at this time.