Security: update package use of qs library #97

Closed
camsjams opened this issue Apr 5, 2017 · 5 comments

Comments

@camsjams
Contributor

camsjams commented Apr 5, 2017

There is an advisory for the npm package qs that can be solved by upgrading to the latest version (currently at v6.4.0), or at the very least v6.1.2.

Some additional info from Snyk and the qs GitHub issue.

Should be a simple bump as there haven't been too many changes from 5 to 6 that would break.

@camsjams
Contributor Author

camsjams commented Apr 5, 2017

Created PR #98

@camsjams
Contributor Author

Thanks! Can you please publish to NPM?

@t-sont

t-sont commented Apr 14, 2017

Hello, is there any special reason this is still not being published to NPM after 9 days? I don't want to state the obvious from the referenced security links above, by Camsjams, but the qs vulnerability is a high severity one. Is this project not a really important one? Or is someone really sure that it cannot be exploited with swagger-node-runner?

@theganyo
Collaborator

Sorry for the delay. It has been published as 0.7.3.

@camsjams
Contributor Author

Thanks!
