-
-
Notifications
You must be signed in to change notification settings - Fork 191
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade mime dependency to version 2.0.3. #146
Conversation
It is not possible to upgrade to the 2.x series of the |
The 2.x series API is also completely different; please run the tests at least prior to a PR :) |
Hey Doug, Was just reading over the reference again and realized you were already on top of it. Thanks! |
It's no problem 👍 Not sure if you are using this though Express.js or not, but if you are, hang tight and the usage of this module doesn't introduce a vulnerability anyway, but still trying to get an update out. |
Yep, using this through Express.js. Got wind of it via
Adding the advisory as an exception on my project for now as per the docs here https://github.com/nodesecurity/nsp#exceptions. Thanks again for your work on this 👍 |
Express.js 4.16.0 is out now with the updated dependency 🎉 |
…press 4.15 pillarjs/send#146 the same issue reported on git, shows the regular express vulnerablility, which required me to upgrade the express server, and other dependencies. 2. have added startMessage.js to print start message on dev builds 3. added start and security check scripts to npm.
See https://nodesecurity.io/advisories/535 for more info. References broofa/mime#167