Update node-https-proxy-agent (security fix) #2260
Comments
|
Thanks for the superquick update!
…On Wed, Oct 9, 2019, 05:15 Kamil Ogórek ***@***.***> wrote:
Closed #2260 <#2260>
via #2262 <#2262>.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#2260?email_source=notifications&email_token=AAFDMNAAZUQE6P2EOKHQXULQNW4MTA5CNFSM4I6TQEI2YY3PNVWWK3TUL52HS4DFWZEXG43VMVCXMZLOORHG65DJMZUWGYLUNFXW5KTDN5WW2ZLOORPWSZGOUDM3LOY#event-2698622395>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAFDMNGLVN44XGUQHT3OZTDQNW4MTANCNFSM4I6TQEIQ>
.
|
|
Anytime. I'll release version |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Yesterday a patch and new release for node-https-proxy-agent was released, which fixes a Man-in-the-middle vulnerability:
https://github.com/TooTallNate/node-https-proxy-agent/releases/tag/3.0.0
TooTallNate/proxy-agents#77
The node sentry version relies on version 2.2.1:
https://github.com/getsentry/sentry-javascript/blob/master/packages/node/package.json#L24
Unfortunately this vulnerability is causing a build failure in one of our projects because Snyk complains about the vulnerability:
https://snyk.io/vuln/SNYK-JS-HTTPSPROXYAGENT-469131
It would be great to get sentry using the new version of node-https-proxy-agent so we could just update sentry to fix the build failure.
The text was updated successfully, but these errors were encountered: