This repository was archived by the owner on Aug 23, 2024. It is now read-only.

Updating request dependency #142

Merged
merged 1 commit into from
Sep 27, 2014
@pdehaan (Contributor) commented Sep 27, 2014

See https://nodesecurity.io/advisories/qs_dos_extended_event_loop_blocking and https://nodesecurity.io/advisories/qs_dos_memory_exhaustion.

### Steps to reproduce

```sh
$ git clone https://github.com/pksunkara/octonode.git .

$ npm install

$ npm shrinkwrap --dev
wrote npm-shrinkwrap.json

$ # sudo npm i nsp -g
$ nsp audit-shrinkwrap
Name  Installed  Patched  Vulnerable Dependency
qs      0.6.6     >= 1.x  octonode > request

$ npm outdated --depth 0
Package        Current  Wanted  Latest  Location
coffee-script    1.7.1   1.7.1   1.8.0  coffee-script
nock             0.7.3   0.7.3  0.48.0  nock
request         2.34.0  2.34.0  2.44.0  request

# .travis.yml not found

$ # sudo npm i pjv -g
$ pjv -wr
{ valid: true }
```
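
The check that `nsp audit-shrinkwrap` reports above, as an added example (not part of the original pull request and not nsp's own code): it walks a nested `npm-shrinkwrap.json` tree and lists each parent chain that pulls in a `qs` below the patched floor. The sample tree, the `example-dev-tool` package and the function names are constructed for illustration; only `request` 2.34.0 and `qs` 0.6.6 come from the output above.

```javascript
// Patched floor from the nsp output above ("qs ... >= 1.x"). A Map avoids
// accidental hits on Object.prototype keys such as "constructor".
const ADVISORIES = new Map([["qs", "1.0.0"]]);

// Constructed sample in the nested npm-shrinkwrap.json layout. Only the
// request and qs versions come from the page; example-dev-tool is hypothetical.
const SAMPLE = {
  name: "octonode",
  dependencies: {
    request: { version: "2.34.0", dependencies: { qs: { version: "0.6.6" } } },
    "example-dev-tool": { version: "1.0.0", dependencies: { qs: { version: "1.2.2" } } },
  },
};

// "major.minor.patch" -> [major, minor, patch]; pre-release/build suffix ignored.
function parseVersion(v) {
  return v.split(/[-+]/)[0].split(".").map((n) => parseInt(n, 10) || 0);
}

// True when `installed` sorts strictly below `floor`.
function isBelow(installed, floor) {
  const a = parseVersion(installed);
  const b = parseVersion(floor);
  for (let i = 0; i < 3; i++) {
    if ((a[i] || 0) !== (b[i] || 0)) return (a[i] || 0) < (b[i] || 0);
  }
  return false;
}

// Depth-first walk of the nested "dependencies" maps, carrying the parent chain
// so each finding shows which top-level dependency has to be updated.
function findVulnerable(node, advisories, path = [node.name]) {
  const hits = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const floor = advisories.get(name);
    if (floor && typeof dep.version === "string" && isBelow(dep.version, floor)) {
      hits.push({ name, installed: dep.version, patched: `>= ${floor}`, via: path.join(" > ") });
    }
    hits.push(...findVulnerable(dep, advisories, path.concat(name)));
  }
  return hits;
}

for (const f of findVulnerable(SAMPLE, ADVISORIES)) {
  console.log(`${f.name}  ${f.installed}  ${f.patched}  ${f.via}`);
}
```
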
pksunkara added a commit that referenced this pull request Sep 27, 2014
Updating request dependency
@pksunkara pksunkara merged commit 3976b59 into pksunkara:master Sep 27, 2014
@pksunkara (Owner)

Thank you. Do you think I should release a minor version 0.7.0 or just patch 0.6.7?

@pdehaan (Contributor Author) commented Sep 27, 2014

Probably just patch.

On Saturday, September 27, 2014, Pavan Kumar Sunkara <notifications@github.com> wrote:

> Thank you. Do you think I should release a minor version 0.7.0 or just patch 0.6.7?

