Skip to content

/ winston-loggly-bulk

forked from winstonjs/winston-loggly
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security vulnerability #17

Closed
richkn opened this issue Apr 21, 2017 · 2 comments
Closed

Security vulnerability #17

richkn opened this issue Apr 21, 2017 · 2 comments

Comments

@richkn
Copy link

@richkn richkn commented Apr 21, 2017

nsp check reports two vulnerabilities:

  1. ReDoS via long string of semicolons - https://nodesecurity.io/advisories/130
  2. Remote Memory Exposure - https://nodesecurity.io/advisories/309

These advisories recommend package upgrades for:
request to 2.68.0 or higher
tough-cookie to 2.3.0
@mostlyjason
Copy link

@mostlyjason mostlyjason commented Apr 27, 2017

Thanks we will work on getting these updated
@Shwetajain148 Shwetajain148 mentioned this issue May 22, 2017
Merged
@mostlyjason
Copy link

@mostlyjason mostlyjason commented Jun 8, 2017

This has been addressed, closing
@mostlyjason mostlyjason closed this Jun 8, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants
@richkn @mostlyjason
You can’t perform that action at this time.