Security advisory on http-proxy-agent & https-proxy-agent
Opened this issue · 3 comments
Deleted user commented
The joys of npm audit :)
https://nodesecurity.io/advisories/607
Versions of http-proxy-agent before 2.1.0 are vulnerable to denial of service and uninitialized memory leak when unsanitized options are passed to Buffer.
https://nodesecurity.io/advisories/593
Versions of http-proxy-agent before 2.1.0 are vulnerable to denial of service and uninitialized memory leak when unsanitized options are passed to Buffer.
Txs
SimenB commented
This repo uses 2.1.0 or newer for both, though?
make-fetch-happen/package.json
Lines 39 to 40 in 508c0af
Deleted user commented
You're right, npm-profile is the issue. txs
CuAnnan commented
Yeah, sorry about that. Was about to close.