Security vulnerability in dependency #171

fguitton · 2017-09-27T10:26:38Z

The dependency on request@2.79.0 introduces package tunnel-agent@0.4.3 which has a security vulnerability on uninitialized Buffer constructor use.

node-coveralls/package.json

Line 37 in b9032a1

"request": "2.79.0"

More information available there:
https://snyk.io/vuln/npm:tunnel-agent:20170305

Fixes nickmerwin#171 Fixes nickmerwin#170 Fixes nickmerwin#153 Fixes nickmerwin#149 Fixes nickmerwin#133

Fixes #171 Fixes #170 Fixes #153 Fixes #149 Fixes #133

fguitton mentioned this issue Sep 27, 2017

Dependencies should be specified as ranges #170

Closed

mdlavin added a commit to mdlavin/node-coveralls that referenced this issue Sep 28, 2017

Expand allowed dependency versions to all API compatible versions

c2cd266

Fixes nickmerwin#171 Fixes nickmerwin#170 Fixes nickmerwin#153 Fixes nickmerwin#149 Fixes nickmerwin#133

mdlavin mentioned this issue Sep 28, 2017

Expand allowed dependency versions to all API compatible versions #172

Merged

nickmerwin closed this as completed in #172 Sep 28, 2017

nickmerwin pushed a commit that referenced this issue Sep 28, 2017

Expand allowed dependency versions to all API compatible versions (#172)

428780c

Fixes #171 Fixes #170 Fixes #153 Fixes #149 Fixes #133

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security vulnerability in dependency #171

Security vulnerability in dependency #171

fguitton commented Sep 27, 2017

Security vulnerability in dependency #171

Security vulnerability in dependency #171

Comments

fguitton commented Sep 27, 2017