Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update momentjs to address NSP 532 ReDoS advisory. #305

Merged
merged 5 commits into from Jan 22, 2018
Merged

Update momentjs to address NSP 532 ReDoS advisory. #305

merged 5 commits into from Jan 22, 2018

Conversation

jhdielman
Copy link
Contributor

Description

Addresses recent NSP advisory regarding ReDoS vulnerability.
moment/moment@69ed9d4

@philnash
Copy link
Contributor

Well I don't know why nsp on Travis is failing this for some versions. Looks fine otherwise.

@jhdielman
Copy link
Contributor Author

@philnash Tried updating jsonwebtoken and still failing. It looks like Travis is looking at the current version and seeing a vulnerability in moment still, but that's what we're trying to fix.

@gregory-latinier
Copy link

The file package-lock.json is commit to the repo. May be if you commit in your PR the test may succeed.

@jhdielman
Copy link
Contributor Author

@gregory-latinier Thanks! Apologies, I didn't even notice, been out of pocket for a while. My version of npm wasn't updating the package-lock.json. Should be fixed now :)

@YasharF YasharF mentioned this pull request Dec 18, 2017
Closed
@yelworc
Copy link

yelworc commented Jan 3, 2018

Sorry to be a nuisance, but what's holding this back from being merged? nsp is still reporting the same ReDoS vulnerability for the most recent twilio-node version (3.11.0).

@jhdielman
Copy link
Contributor Author

@yelworc No worries, not a nuisance at all. I'll look into this.

codejudas
codejudas approved these changes Jan 3, 2018
View reviewed changes
Copy link
Contributor

@codejudas codejudas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1 Thanks for the contribution

@codejudas codejudas merged commit e53e2eb into twilio:master Jan 22, 2018
dkundel pushed a commit to dkundel/twilio-node that referenced this pull request Jan 29, 2018
@jhdielman @dkundel
Update momentjs to address NSP 532 ReDoS advisory. (twilio#305)
33a3e6e 
* Update momentjs to address NSP 532 ReDoS advisory.

* Update nsp.

* Update jsonwebtoken which removes joi -> moment@2.18.1

* Updating package-lock.

* Set nsp to 2.8.0.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@codejudas codejudas codejudas approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@jhdielman @philnash @gregory-latinier @yelworc @codejudas