Old request dependency with old depencies wich have vulnerabilities #3169
Comments
Kartoffelsalat
changed the title
|
Can you make a PR? |
|
Sure i will try to :) |
|
https://help.github.com/articles/creating-a-pull-request/ Well, in the simplest case GitHub will automatically fork things for you when you edit and save the file(s) of interest right via web-interface. |
Kartoffelsalat
pushed a commit
to Kartoffelsalat/less.js
that referenced
this issue
Feb 21, 2018
The old request package has some vulnerable dependencies inside. So because nsp detected it has to be updated, see: https://nodesecurity.io/advisories/566 less#3169
|
Not sure if it was correct to update the versions last digit, if not change it back. |
|
Can you state a date when there will be a new Tag with this update available? |
|
No idea, sorry (e.g. see less/less-meta#26). |
|
Closing as done in #3177. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The Less Npm Module uses request in version 2.81.0 wich is using an old hawk module, wich is using hoek versoin 2.16.3 wich has the following nodesecurity vulnerability.
Updating request to 2.83.0 should solve this.
The text was updated successfully, but these errors were encountered: