Skip to content
This repository has been archived by the owner on Aug 11, 2021. It is now read-only.

Update ssri to non-vulnerable version #169

Merged
merged 1 commit into from
Feb 27, 2018
Merged

Update ssri to non-vulnerable version #169

merged 1 commit into from
Feb 27, 2018

Conversation

heikkipora
Copy link
Contributor

Fixes https://nodesecurity.io/advisories/565

Before:

> nsp check

(+) 1 vulnerability found
┌────────────┬────────────────────────────────────────────────────────────────────┐
│            │ ReDoS in ssri                                                      │
├────────────┼────────────────────────────────────────────────────────────────────┤
│ Name       │ ssri                                                               │
├────────────┼────────────────────────────────────────────────────────────────────┤
│ CVSS       │ 5.3 (Medium)                                                       │
├────────────┼────────────────────────────────────────────────────────────────────┤
│ Installed  │ 4.1.6                                                              │
├────────────┼────────────────────────────────────────────────────────────────────┤
│ Vulnerable │ <=5.2.1                                                            │
├────────────┼────────────────────────────────────────────────────────────────────┤
│ Patched    │ >=5.2.2                                                            │
├────────────┼────────────────────────────────────────────────────────────────────┤
│ Path       │ npm-registry-client@8.5.0 > ssri@4.1.6                             │
├────────────┼────────────────────────────────────────────────────────────────────┤
│ More Info  │ https://nodesecurity.io/advisories/565                             │
└────────────┴────────────────────────────────────────────────────────────────────┘

After:

> nsp check

(+) No known vulnerabilities found

zkat
zkat approved these changes Feb 27, 2018
View reviewed changes
Copy link
Contributor

@zkat zkat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hey cool, thanks! This is super helpful :)

@zkat zkat merged commit 519401a into npm:master Feb 27, 2018
@sisidovski sisidovski mentioned this pull request Mar 8, 2018
Open
@coveralls
Copy link

Coverage Status

Coverage decreased (-6.1%) to 85.069% when pulling 79ae4f5 on heikkipora:master into c03a77a on npm:master.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@zkat zkat zkat approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@heikkipora @coveralls @zkat