nsp reports potentially bad version of connect used by karma #1295
Comments
|
And since I'm already posting, here's all the "outdated" modules, per $ npm outdated --depth 0 | sort
Package Current Wanted Latest Location
chai 1.9.2 1.9.2 1.10.0 chai
chokidar 0.12.6 1.0.0-rc2 0.12.6 chokidar
coffee-script 1.7.1 1.7.1 1.9.0 coffee-script
colors 0.6.2 0.6.2 1.0.3 colors
connect 2.26.6 2.26.6 3.3.4 connect
glob 3.2.11 3.2.11 4.3.5 glob
graceful-fs 2.0.3 2.0.3 3.0.5 graceful-fs
grunt-browserify 2.1.4 2.1.4 3.3.0 grunt-browserify
grunt-contrib-jshint 0.10.0 0.10.0 0.11.0 grunt-contrib-jshint
grunt-jscs-checker 0.6.2 0.6.2 0.8.1 grunt-jscs-checker
http-proxy 0.10.4 0.10.4 1.8.1 http-proxy
karma-jasmine 0.1.5 0.1.5 0.3.5 karma-jasmine
LiveScript 1.2.0 1.2.0 1.3.1 LiveScript
load-grunt-tasks 0.6.0 0.6.0 3.1.0 load-grunt-tasks
lodash 2.4.1 2.4.1 3.0.0 lodash
minimatch 0.2.14 0.2.14 2.0.1 minimatch
mkdirp 0.3.5 0.3.5 0.5.0 mkdirp
mocha 1.20.1 1.20.1 2.1.0 mocha
q 0.9.7 0.9.7 1.1.2 q
sinon 1.10.3 1.10.3 1.12.2 sinon
sinon-chai 2.5.0 2.5.0 2.6.0 sinon-chai
socket.io 0.9.16 0.9.16 1.3.2 socket.io
source-map 0.1.43 0.1.43 0.2.0 source-map
useragent 2.0.10 2.0.10 2.1.5 useragent |
|
Thanks, closing in favor of #1410 which is tracking these upgrades |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Steps to reproduce:
Actual results:
I think this is the serve-static issue in question: https://nodesecurity.io/advisories/serve-static-open-redirect (fixed in serve-static@>=1.7.2) which seems to be fixed in newer versions of connect@2.28.0 and later.
The text was updated successfully, but these errors were encountered: