New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix for 2 vulnerable dependency paths #59

Merged
merged 1 commit into from Oct 26, 2016

Conversation

Projects
None yet
2 participants
@snyk-community
Contributor

snyk-community commented Oct 13, 2016

explorer currently has a 33 vulnerable dependency paths, introducing 15 different types of known vulnerabilities.

This PR fixes vulnerable dependencies, remote memory exposure vulnerability in the request dependency and ReDOS vulnerability in the hawk dependency.

You can see Snyk test report of this project for details.

This PR changes Package.json to upgrade request to the newer 2.74.0 version, and will fix the vulnerability listed above.

You can get alerts and fix PRs for future vulnerabilities for free by watching this repo with Snyk.

Note this PR fixes all the vulnerabilities introduced trough request dependency, in order to be vulnerability free you will need to upgrade others dependencies as well.

Stay Secure,
The Snyk Team

Fix for 2 vulnerable dependency paths
explorer currently has a 33 vulnerable dependency paths, introducing 15 different types of known vulnerabilities.

This PR fixes vulnerable dependencies, [remote memory exposure ](https://snyk.io/vuln/npm:request:20160119) vulnerability in the `request` dependency and [ReDOS vulnerability](https://snyk.io/vuln/npm:hawk:20160119) in the `hawk` dependency.

You can see [Snyk test report](https://snyk.io/test/github/iquidus/explorer) of this project for details. 

This PR changes `Package.json` to upgrade `request` to the newer 2.74.0 version, and will fix the vulnerability listed above.

You can get alerts and fix PRs for future vulnerabilities for free by [watching this repo with Snyk](https://snyk.io/add).

Note this PR fixes all the vulnerabilities introduced trough `request` dependency, in order to be vulnerability free you will need to upgrade others dependencies as well.

Stay Secure,
The Snyk Team

@iquidus iquidus merged commit c8ac131 into iquidus:master Oct 26, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment