bump request to 2.87.0 #1492
bump request to 2.87.0 #1492
Conversation
|
I'm interested in seeing this merged as well, but is I couldn't find the reason for why the range was pinned at 2.82.0 in the first place, but even safer might be to specify |
|
@apellerano-pw |
|
|
|
@xzyfer I made this one in support for 2.87 request bump in the node-gyp 3.x. |
|
@Rohithzr you're right. My mistake. |
|
Is there any ETA on when this PR might be merged and included in a release? Thanks. |
|
@padraic-edwards i too am waiting, maybe i think that people are on vacation or something, anyways, they will merge it when they can. Should be soon |
ghost
mentioned this pull request
|
Hello, I am here to redirect my enthusiasm from gulp-sass to here 👍 |
|
+1 please merge, ugly to see "Moderate Severity Vulnerability" on npm audit |
|
Tweeted at some of the folks on the NPM page for node-gyp, mebbe hop on my tweet to help get their attention: https://twitter.com/gweilo_fi/status/1019784220703580160 |
|
Has the same failures as 3.x HEAD: https://ci.nodejs.org/job/nodegyp-test-pull-request/64/ |
FYI (Same information should be in https://ci.nodejs.org/job/nodegyp-test-commit/327/nodes=win2016-vs2017/console as linked by https://ci.nodejs.org/job/nodegyp-test-commit/327/nodes=win2016-vs2017/) |
|
@Fishrock123 seems to be an odd error on the Windows Systems. #62 both with same errors. Can you shed some light? |
|
I have no clue. |
|
@joaocgreis finally it's all green. I will open an issue regarding the 0.10.x test failing for documentation purposes. |
|
Really looking forward to the published release to clear the npm audit warnings on famous packages such as npm-cli and node-sass. |
|
@Fishrock123 @mmarchini I haven't reviewed this but don't mind landing if your approvals still hold. However, I can't publish a new version so @Fishrock123 perhaps you can take this from here? |
|
I'm waiting a new version for a long time because node-sass depends node-gyp and npm audit always alerts this vulnerability. It causes crying-wolf syndrome so I really want to be fixed it. |
|
Per npm's website, @bnoordhuis, @Fishrock123, and @rvagg are those with publish access -- would someone be willing to give this PR a once-over and then publish a new 3.x release (I believe it would be |
|
Dear sass-loader users: Now you can use dart-sass in sass-loader v7.1.0 instead of node-sass. As a result, you can avoid this problem if you don't use any other packages that depend on node-gyp. |
|
@Fishrock123 what is causing the delay? |
|
let's get this closed, new code needs quite a bit of work to make it consistent with the node-gyp codebase though. Moving to #1521. |
PR-URL: #1492 Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com> Reviewed-By: Matheus Marchini <matheus@sthima.com> Reviewed-By: Jon Moss <me@jonathanmoss.me> Reviewed-By: Rod Vagg <rod@vagg.org>
…lable. PR-URL: #1492 Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com> Reviewed-By: Matheus Marchini <matheus@sthima.com> Reviewed-By: Jon Moss <me@jonathanmoss.me> Reviewed-By: Rod Vagg <rod@vagg.org>
PR-URL: #1492 Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com> Reviewed-By: Matheus Marchini <matheus@sthima.com> Reviewed-By: Jon Moss <me@jonathanmoss.me> Reviewed-By: Rod Vagg <rod@vagg.org>
…lable. PR-URL: #1492 Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com> Reviewed-By: Matheus Marchini <matheus@sthima.com> Reviewed-By: Jon Moss <me@jonathanmoss.me> Reviewed-By: Rod Vagg <rod@vagg.org>
|
v3.8.0 is out |
PR-URL: #1492 Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com> Reviewed-By: Matheus Marchini <matheus@sthima.com> Reviewed-By: Jon Moss <me@jonathanmoss.me> Reviewed-By: Rod Vagg <rod@vagg.org>
Checklist
npm install && npm testpassesDescription of change
In reference to request/request#2943 , the request package should be upgraded to fix security issues.
This still supports node < 4 and fixes the hoek/hawk security issue for both node-gyp v3 and v4 (#1471).