update requestretry to 3.1.0 #233

Open: wants to merge 1 commit into base: master

mar10 (Contributor) commented Jan 7, 2019

This updates the dependency of requestretry to v3.1.0, hopefully fixing more security warnings mentioned in #229 and #231.

I did not test this!
Please check the changelog before applying: https://github.com/FGRibreau/node-request-retry/blob/master/CHANGELOG.md

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=4.17.5                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ grunt-saucelabs [dev]                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ grunt-saucelabs > requestretry > fg-lodash > lodash          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/577                       │
└───────────────┴──────────────────────────────────────────────────────────────┘

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ underscore.string                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=3.3.5                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ grunt-saucelabs [dev]                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ grunt-saucelabs > requestretry > fg-lodash >                 │
│               │ underscore.string                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/745                       │
└───────────────┴──────────────────────────────────────────────────────────────┘

Jonahss (Collaborator) commented Jan 7, 2019

I'm going to modify the Travis CI builds, and then those tests will show us that this update doesn't cause issues.

Jonahss (Collaborator) commented Jan 7, 2019

I've updated the Node versions Travis tests on. Looks like we're getting a test failure.
I saw that somehow one of your builds succeeded but I haven't been able to replicate that, even after including your changes in my branch: #234
I can keep digging, but it will take longer.

mar10 (Contributor, Author) commented Jan 10, 2019

Seems to be a bug in requestretry; I opened an issue there.
