Skip to content
This repository has been archived by the owner on Jan 17, 2023. It is now read-only.

Remove .nsprc after tough-cookie is updated #3532

Closed
ianb opened this issue Sep 21, 2017 · 1 comment
Closed

Remove .nsprc after tough-cookie is updated #3532

ianb opened this issue Sep 21, 2017 · 1 comment
Assignees
@jaredhirsch
Milestone
General Release 57

Comments

@ianb
Copy link
Contributor

ianb commented Sep 21, 2017
edited
Loading

Reverting 8f9dff6

We should track this security warning: https://nodesecurity.io/advisories/525

Once tough-cookie gets past 2.3.2 we'll probably be okay.
ianb added a commit that referenced this issue Sep 21, 2017
@ianb
Ignore the tough-cookie (https://nodesecurity.io/advisories/525) warn…
8f9dff6 
…ing for now

Followup to undo this in #3532
@ianb ianb mentioned this issue Sep 21, 2017
Merged
jaredhirsch pushed a commit that referenced this issue Sep 21, 2017
@ianb @jaredhirsch
Ignore the tough-cookie (https://nodesecurity.io/advisories/525) warn…
13edc07 
…ing for now

Followup to undo this in #3532
jaredhirsch pushed a commit that referenced this issue Sep 21, 2017
@ianb @jaredhirsch
Ignore the tough-cookie (https://nodesecurity.io/advisories/525) warn…
c21f3d3 
…ing for now (#3533)

Followup to undo this in #3532
@ghost ghost added this to the General Release 57 milestone Sep 25, 2017
@ianb
Copy link
Contributor Author

ianb commented Sep 25, 2017

New toughcookie is out BTW, with a fix

@jaredhirsch jaredhirsch self-assigned this Sep 27, 2017
jaredhirsch added a commit that referenced this issue Sep 27, 2017
@jaredhirsch
Fix #3532, remove .nsprc file now that tough-cookie has been updated
bcb4da8 
As seen in [1], we had to temporarily disable nsp checks due to a
potential vulnerability in tough-cookie. The request library has been
updated to use the updated tough-cookie, and, thanks to loose version
tracking, looks like the fix percolates up to all our deps.

[1] https://circleci.com/gh/mozilla-services/screenshots/3561
@ianb ianb closed this as completed in 0b09f21 Oct 10, 2017
ianb added a commit that referenced this issue Oct 10, 2017
@ianb
Merge pull request #3596 from mozilla-services/3532-remove-nsp-exception
14e7c32 
Fix #3532, remove .nsprc file now that tough-cookie has been updated
# for free to subscribe to this conversation on GitHub. Already have an account? #.
Assignees

@jaredhirsch jaredhirsch

Labels
None yet
Projects
None yet
Milestone
General Release 57
Development

No branches or pull requests
2 participants
@ianb @jaredhirsch