Upgrade to express@3.16.0 and skipper@next #2070
Comments
@leedm777 re: grunt, both of those modules only run in development, so we should be good (in addition to the reasons you pointed out). We're using Express >=3.4.x in Sails core atm, so that should also be good. Re: connect in Skipper, that's resolved by sailshq/skipper@911e2bf and will be published momentarily as 0.5.3 on npm. We'll follow up shortly afterward with a patch release of Sails as well with a minimum dep on 0.5.3 of skipper. Thank you!
* sails: Update EVENTS.md Expanded roadmap. Update ROADMAP.md Update ROADMAP.md Update ROADMAP.md Added information about new Feature Request procedure. Better explanation of setting sails.config.models.migrate. 0.10.3 0.10.2 Depend on skipper 0.5.3 re: balderdashy#2070 0.10.2 Added tests for router changes in balderdashy@42a0aaf Changed "prompt" dependency to use ~ Fixed typo Add "migrate:alter" to test fixture so that it doesn't prompt. Don't use _ global in core hook since it can be turned off (Or do `var _ = require('lodash');`) Update index.js Proposal to fix sails www --prod
The express dependency is still set to express@3.4.3, so we still have a problem. The skipper update looks good, though.
There are a couple of recently announced security vulnerabilities in qs:
This is addressed in express@3.16.0, and should be addressed in skipper once this issue has been fixed.
This is also a dependency for grunt-contrib-less and grunt-contrib-watch, but those modules shouldn't be processing user provided query strings, so it's hopefully not as urgent to get those dependencies updated.