sdr-bootstrap-prepack icon indicating copy to clipboard operation
sdr-bootstrap-prepack copied to clipboard

Published 20 hours ago verified publisher icon ipselon

Fix for 2 vulnerable dependency paths

Open snyk-community opened this issue 8 years ago • 0 comments

sdr-bootstrap-prepack currently has a 4 vulnerable dependency paths, introducing 4 different types of known vulnerabilities.

This PR fixes vulnerable dependencies, remote memory exposure vulnerability in the request dependency and ReDos vulnerability in the tough-cookie dependency.

You can see Snyk test report of this project for details.

This PR changes Package.json to upgrade request to the newer 2.74.0 version, and will fix the vulnerability listed above. You can get alerts and fix PRs for future vulnerabilities for free by watching this repo with Snyk.

Note this PR fixes all the vulnerabilities introduced trough request dependency, in order to be vulnerability free you will need to upgrade express and moment dependencies as well.

Stay Secure, The Snyk Team

snyk-community avatar Oct 13 '16 08:10 snyk-community