-
Notifications
You must be signed in to change notification settings - Fork 233
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Dependency request
uses a vulnerable version of cryptiles
#83
Comments
Similarly, it looks like there's a vulnerability in the |
Fixed in #91 - nothing exists yet for the extend package/beyond 2.88. Might be possible to switch to something other than 'request' in a future version. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
cryptiles
has a known high priority vulnerability. The latest version ofrequest
(v2.88.0) no longer depends onhawk
, thus removing the vulnerability withcryptiles
.The text was updated successfully, but these errors were encountered: