incubator-retired-ripple
Update express to mitigate vulnerabilities
Good morning, express 3.1.0 is vulnerable to:
- https://nodesecurity.io/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting
- https://nodesecurity.io/advisories/send-directory-traversal
- https://nodesecurity.io/advisories/qs_dos_extended_event_loop_blocking
- https://nodesecurity.io/advisories/qs_dos_memory_exhaustion
@brentlintner I couldn't find any place to disclose this issue in private, nor a way to mark this issue as security sensitive. Let me know if you have questions.
I think it is important to get this fix in, since it also affects cordova-cli.
Hey @abstractj awesome! Thanks for the PR. I plan to pull in ASAP. I just noticed that with the 4.x update, some middleware was moved out of core into their own packages that need to be added. Unless you or someone else does, I will try to do that when I get a chance. :-)
@brentlintner go ahead my friend, I think you're more familiar with ripple than me. Glad to help.