Update *send* dependency
Closed this issue · 1 comments
pdehaan commented
See https://nodesecurity.io/advisories/send-directory-traversal
For the full list of outdated modules, see:
$ git clone https://github.com/nitoyon/livereloadx.git .
$ npm install
$ npm shrinkwrap --dev
wrote npm-shrinkwrap.json
$ # sudo npm i nsp -g
$ nsp audit-shrinkwrap
Name Installed Patched Vulnerable Dependency
qs 0.5.6 >= 1.x livereloadx > grunt-contrib-watch > tiny-lr
send 0.1.4 >= 0.8.4 livereloadx
$ npm outdated --depth 0
Package Current Wanted Latest Location
commander 2.2.0 2.2.0 2.3.0 commander
debug 0.7.4 0.7.4 2.0.0 debug
grunt-contrib-jshint 0.1.1 0.1.1 0.10.0 grunt-contrib-jshint
grunt-contrib-watch 0.4.4 0.4.4 0.6.1 grunt-contrib-watch
grunt-mocha-test 0.5.0 0.5.0 0.12.0 grunt-mocha-test
http-proxy 0.8.7 0.8.7 1.4.3 http-proxy
minimatch 0.2.14 0.2.14 1.0.0 minimatch
send 0.1.4 0.1.4 0.9.2 send
# .travis.yml not found
$ # sudo npm i pjv -g
$ pjv -wr
package.json is NOT valid
{ valid: false,
errors:
[ 'Invalid version range for dependency commander: ~ 2.2.0',
'Invalid version range for dependency debug: ~ 0.7.0',
'Invalid version range for dependency fsmonitor: ~ 0.2.4',
'Invalid version range for dependency http-proxy: ~ 0.8.7',
'Invalid version range for dependency minimatch: ~ 0.2.11',
'Invalid version range for dependency pause: ~ 0.0.1',
'Invalid version range for dependency send: ~ 0.1.0',
'Invalid version range for dependency ws: ~ 0.4.25',
'Invalid version range for dependency mocha: >= 1.7.4',
'Invalid version range for dependency should: >= 1.2.1' ],
warnings: [ 'Missing recommended field: contributors' ],
recommendations: [ 'Missing optional field: homepage' ] }