Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Wrong security information #190

Closed
maxrimue opened this issue May 22, 2015 · 2 comments
Closed

Wrong security information #190

maxrimue opened this issue May 22, 2015 · 2 comments

Comments

@maxrimue
Copy link

My module depends on express, which is currently in version 4.12.4.
On the dependency site of my repo, it says that there are "security vulnerabilities in dependencies", and it tells me that there's a problem with express, and also shows me a link to the Node Security Project for further information. However, on that site, it says the security problem has been patched with version 4.5, and since I declared in my package.json the version "4.x.x" of express, it should be all fine. Any clue?
@alanshaw
Copy link
Owner

You need to change your version range to not include the vulnerable version - ^4.5 should probably work

@maxrimue
Copy link
Author

Thanks!

This was referenced Mar 7, 2021
Open
Open
@snyk-bot snyk-bot mentioned this issue Aug 8, 2021
Open
@snyk-bot snyk-bot mentioned this issue Aug 15, 2021
Open
@snyk-bot snyk-bot mentioned this issue Jan 18, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@alanshaw @maxrimue