Prevent Object prototype pollution. #40
If you want to fix the CI test, follow me:
I know that removing SSL in this case isn't the best solution; however, for older versions of Node you can use a proxy, but that solution fixes the CI test. I believe that in the next release the repo can remove Node < 4 support, but this fix is more important than the next release.
See https://hackerone.com/reports/311333. Remove yarn.lock and disabled SSL checks to pass CI for older versions of node.
@gustavobeavis done (I think)
@mwakerman Thanks, I'll make a release soon.
Merged to
Vulnerability alert still pops up with 0.5.1
Is this an erroneous alert or is the package still vulnerable?
I don't think so, at least I don't have any proof that it happens.
node-deep-extend/test/index.spec.js Lines 260 to 266 in f3f2b4f
See https://hackerone.com/reports/311333.
Resolves #39
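
Added example, not part of the pull request or the project's code: a check for the question raised in this thread, whether a recursive merge lets a `__proto__` key from parsed JSON reach `Object.prototype`. The names `makeExtend`, `pollutesPrototype` and the marker property are hypothetical, and both merge functions are constructed stand-ins, not deep-extend's implementation.

```javascript
// Build a recursive merge that skips the keys in `blockedKeys`.
// (Constructed stand-in for a deep-extend style function.)
function makeExtend(blockedKeys) {
  return function extend(target, source) {
    for (const key of Object.keys(source)) {
      if (blockedKeys.has(key)) continue; // the guard under test
      const val = source[key];
      if (val !== null && typeof val === 'object' && !Array.isArray(val)) {
        // For key "__proto__", target[key] resolves to Object.prototype,
        // so an unguarded merge recurses into the shared prototype.
        if (target[key] === null || typeof target[key] !== 'object') {
          target[key] = {};
        }
        extend(target[key], val);
      } else {
        target[key] = val;
      }
    }
    return target;
  };
}

// "Before" form: no key filtering.
const naiveExtend = makeExtend(new Set());
// Hardened form: conservative block list chosen for this example.
const guardedExtend = makeExtend(new Set(['__proto__', 'constructor', 'prototype']));

// Returns true if extendFn(target, source) leaks a "__proto__" key from
// parsed JSON onto Object.prototype. Cleans up after itself.
function pollutesPrototype(extendFn) {
  const marker = 'ppCheckMarker'; // constructed property name
  // JSON.parse creates "__proto__" as an ordinary own property.
  const payload = JSON.parse('{"a":{"__proto__":{"' + marker + '":true}},' +
                             '"__proto__":{"' + marker + '":true}}');
  try {
    extendFn({}, payload);
    return ({})[marker] === true; // a fresh object must not see the marker
  } finally {
    delete Object.prototype[marker];
  }
}

console.log('naive merge pollutes:  ', pollutesPrototype(naiveExtend));
console.log('guarded merge pollutes:', pollutesPrototype(guardedExtend));
```

Passing an installed merge function instead, for example `pollutesPrototype(require('deep-extend'))`, runs the same check against the version in `node_modules`.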