-
Notifications
You must be signed in to change notification settings - Fork 81
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Dependent Lib: Request should upgrade to newer version #71
Comments
Another reason to do this: the version of request used uses a vulernable tough-cookie dependency https://nodesecurity.io/advisories/525 New version is available after this PR closed (salesforce/tough-cookie#92). Please update so |
Yet another reason: the Since there is already a pull request #75 for this, can it be merged? |
And another... The current pinned version of the request module has an ancestral dependency on a version of hoek that has a DDOS vulnerability. Upgrading the request module to any version > 2.84.0 should suffice. |
hoek node module before 5.0.3 or 4.2.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability - updating request will maybe solve it |
Problem:
The current dependent lib
request
version ofrequest": "2.75.x"
has an old dependency ofaws-sign2: 0.6.0
which has a serious bug of duplicated exporting names: request/aws-sign#7And this is preventing bundle tools such as
rollup
to fail because it can't allow duplicated exports from the same module.The text was updated successfully, but these errors were encountered: