Fix security vulnerabilities #67

Merged (1 commit) on Mar 4, 2020

shawnmcknight
Member

When installing the latest release I saw that there was a security vulnerability in @hapi/accept and they have deprecated the 4.x.x version. Unfortunately that advisory came out the day after this repo was updated to 4.x.x. It looks like they now show 3.2.4 as fixed and supporting node 10 which previously only indicated node 8. I have downgraded the version to 3.2.4 to avoid the security vulnerability.

Additionally, there was a vulnerability coming from npm-check. I figured that while I was fixing one vulnerability I would take care of the other.

@shawnmcknight
Member Author

@icebob That @hapi/accept is a high vulnerability and it's for DoS so it would probably be good to get another release out to address it. Bad timing with a release being shipped today...

Member

@icebob icebob left a comment

No problem. Thanks for the fix, I'm going to release it.

@icebob icebob merged commit feaee2f into moleculerjs:master Mar 4, 2020
@icebob
Member

icebob commented Mar 4, 2020

Released 0.2.2

@shawnmcknight shawnmcknight deleted the fix-hapi-accept branch May 2, 2020 16:29