NSP/Snyke.io report of volunerability - upgrade of winston dependency

Question

NSP/Snyke.io report of volunerability - upgrade of winston dependency

YasharF opened this issue 8 years ago · 2 comments

Snyk.io is reporting that node-foursquare depends on an out-of-date version of winston which is using a vulnerable version of request. Winston as of version 0.8.0 no longer has a dependency on request. Can you please upgrade node-foursquare to use a more updated version of winston?

Answer 1 · 2016-10-05T03:30:09.000Z

PR to fix this: #31

Answer 2 · 2017-12-12T19:56:54.000Z

This change has been made and added to v0.3.2