This repository has been archived by the owner on Jan 17, 2023. It is now read-only.
Remove .nsprc after tough-cookie is updated #3532
Assignees
Milestone
Comments
ianb
added a commit
that referenced
this issue
Sep 21, 2017
…ing for now Followup to undo this in #3532
Merged
jaredhirsch
pushed a commit
that referenced
this issue
Sep 21, 2017
…ing for now Followup to undo this in #3532
ghost
added this to the 
|
New toughcookie is out BTW, with a fix |
jaredhirsch
added a commit
that referenced
this issue
Sep 27, 2017
As seen in [1], we had to temporarily disable nsp checks due to a potential vulnerability in tough-cookie. The request library has been updated to use the updated tough-cookie, and, thanks to loose version tracking, looks like the fix percolates up to all our deps. [1] https://circleci.com/gh/mozilla-services/screenshots/3561
ianb
added a commit
that referenced
this issue
Oct 10, 2017
Fix #3532, remove .nsprc file now that tough-cookie has been updated
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Reverting 8f9dff6
We should track this security warning: https://nodesecurity.io/advisories/525
Once tough-cookie gets past 2.3.2 we'll probably be okay.
The text was updated successfully, but these errors were encountered: