From 89c1cf0c9a89f93e0e928f4f22636c914f62de3d Mon Sep 17 00:00:00 2001
From: Snyk Community
Date: Tue, 18 Oct 2016 16:32:09 +0300
Subject: [PATCH] Fix for 2 vulnerable dependency paths homebridge-legacy-plugins currently has a 2 vulnerable dependency paths, introducing 2 different types of known vulnerabilities. This PR fixes vulnerable dependencies. * [ReDOS vulnerability](https://snyk.io/vuln/npm:hawk:20160119) in the `hawk` dependency. * [remote memory exposure ](https://snyk.io/vuln/npm:request:20160119) vulnerability in the `request` dependency. You can see [Snyk test report](https://snyk.io/test/github/nfarina/homebridge-legacy-plugins) of this project for details. This PR changes `Package.json` to upgrade `request` to the newer 2.74.0 version, and will fix all the vulnerabilities. You can get alerts and fix PRs for future vulnerabilities for free by [watching this repo with Snyk](https://snyk.io/add). Stay Secure, The Snyk Team
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 713c2ad..1435d3b 100644
--- a/package.json
+++ b/package.json
@@ -24,7 +24,7 @@
 "komponist": "0.1.0",
 "lifx": "git+https://github.com/magicmonkey/lifxjs.git",
 "lifx-api": "^1.0.1",
- "request": "2.49.x",
+ "request": "2.74.0",
 "telldus-live": "^0.2.1",
 "xml2js": "0.4.x"
 }