grunt-saucelabs

update requestretry to 3.1.0

Open mar10 opened this issue 6 years ago • 3 comments

This updates the dependency of requestretry to v3.1.0, hopefully fixing more security warnings mentioned in #229 and #231.

I did not test this! Please check the changelog before applying: https://github.com/FGRibreau/node-request-retry/blob/master/CHANGELOG.md

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=4.17.5                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ grunt-saucelabs [dev]                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ grunt-saucelabs > requestretry > fg-lodash > lodash          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/577                       │
└───────────────┴──────────────────────────────────────────────────────────────┘

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ underscore.string                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=3.3.5                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ grunt-saucelabs [dev]                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ grunt-saucelabs > requestretry > fg-lodash >                 │
│               │ underscore.string                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/745                       │
└───────────────┴──────────────────────────────────────────────────────────────┘

mar10, Jan 07 '19 20:01

I'm going to modify the Travis CI builds, and then those tests will show us that this update doesn't cause issues.

Jonahss, Jan 07 '19 22:01

I've updated the Node versions Travis tests on. Looks like we're getting a test failure. I saw that somehow one of your builds succeeded but I haven't been able to replicate that, even after including your changes in my branch: https://github.com/axemclion/grunt-saucelabs/pull/234 I can keep digging, but will take longer.

Jonahss, Jan 07 '19 22:01

Seems to be a bug in requestretry, I opened an issue there

mar10, Jan 10 '19 20:01