
caravaggio


caravaggio - npm Package Compare versions

Comparing version 2.2.0 to 2.2.1

4

CHANGELOG.md
# Changelog
## 2.2.1
- Minor fixes
## 2.2.0

@@ -4,0 +8,0 @@

4

codeclimate.json

@@ -1,2 +0,2 @@

[{"type":"issue","check_name":"Vulnerable module \"tough-cookie\" identified","description":"`tough-cookie` Regular Expression Denial of Service","categories":["Security"],"remediation_points":300000,"content":{"body":"# Regular Expression Denial of Service\n## Overview:\nThe tough-cookie module is vulnerable to regular expression denial of service. Input of around 50k characters is required for a slow down of around 2 seconds.\n\nUnless node was compiled using the -DHTTP_MAX_HEADER_SIZE= option the default header max length is 80kb so the impact of the ReDoS is limited to around 7.3 seconds of blocking.\n\nAt the time of writing all version \u003c=2.3.2 are vulnerable\n\n## Recommendation:\nPlease update to version 2.3.3 or greater"},"location":{"path":"package-lock.json","lines":{"begin":3201,"end":3208}},"engine_name":"nodesecurity","fingerprint":"f06ee92c3bc4d7d37b51a549f59dd4f0","severity":"minor"},
{"type":"issue","check_name":"Vulnerable module \"debug\" identified","description":"`debug` Regular Expression Denial of Service","categories":["Security"],"remediation_points":300000,"content":{"body":"# Regular Expression Denial of Service\n## Overview:\nThe debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the `o` formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue.\n\n## Recommendation:\nUpgrade to version 2.6.9 or greater if you are on the 2.6.x series or 3.1.0 or greater."},"location":{"path":"package-lock.json","lines":{"begin":2550,"end":2557}},"engine_name":"nodesecurity","fingerprint":"82f98b1c73a1bd2659e5d0a968d287a5","severity":"minor"}]
[{"type":"issue","check_name":"Vulnerable module \"tough-cookie\" identified","description":"`tough-cookie` Regular Expression Denial of Service","categories":["Security"],"remediation_points":300000,"content":{"body":"# Regular Expression Denial of Service\n## Overview:\nThe tough-cookie module is vulnerable to regular expression denial of service. Input of around 50k characters is required for a slow down of around 2 seconds.\n\nUnless node was compiled using the -DHTTP_MAX_HEADER_SIZE= option the default header max length is 80kb so the impact of the ReDoS is limited to around 7.3 seconds of blocking.\n\nAt the time of writing all version \u003c=2.3.2 are vulnerable\n\n## Recommendation:\nPlease update to version 2.3.3 or greater"},"location":{"path":"package-lock.json","lines":{"begin":3214,"end":3221}},"engine_name":"nodesecurity","fingerprint":"f06ee92c3bc4d7d37b51a549f59dd4f0","severity":"minor"},
{"type":"issue","check_name":"Vulnerable module \"debug\" identified","description":"`debug` Regular Expression Denial of Service","categories":["Security"],"remediation_points":300000,"content":{"body":"# Regular Expression Denial of Service\n## Overview:\nThe debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the `o` formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue.\n\n## Recommendation:\nUpgrade to version 2.6.9 or greater if you are on the 2.6.x series or 3.1.0 or greater."},"location":{"path":"package-lock.json","lines":{"begin":2563,"end":2570}},"engine_name":"nodesecurity","fingerprint":"82f98b1c73a1bd2659e5d0a968d287a5","severity":"minor"}]
{
"name": "caravaggio",
"version": "2.2.0",
"version": "2.2.1",
"description": "A blazing fast image processor service",

@@ -38,10 +38,10 @@ "main": "index.js",

"dependencies": {
"config": "^1.29.2",
"config": "^1.30.0",
"fs-extra": "^5.0.0",
"md5": "^2.2.1",
"micro": "^9.1.0",
"micro": "^9.1.4",
"micro-redirect": "^1.0.0",
"microrouter": "^3.0.0",
"node-fetch": "^2.0.0-alpha.9",
"pino": "^4.10.4",
"microrouter": "^3.1.1",
"node-fetch": "^2.1.2",
"pino": "^4.15.3",
"sharp": "^0.20.1",

@@ -51,9 +51,9 @@ "yargs": "^11.0.0"

"devDependencies": {
"eslint": "^4.16.0",
"eslint": "^4.19.1",
"eslint-config-airbnb-base": "^12.1.0",
"eslint-import-resolver-jest": "^2.0.0",
"eslint-plugin-import": "^2.8.0",
"eslint-plugin-jest": "^21.7.0",
"jest": "^22.1.4",
"micro-dev": "^2.2.0",
"eslint-import-resolver-jest": "^2.1.1",
"eslint-plugin-import": "^2.10.0",
"eslint-plugin-jest": "^21.15.0",
"jest": "^22.4.3",
"micro-dev": "^2.2.2",
"request-promise": "^4.2.2",

@@ -60,0 +60,0 @@ "test-listen": "^1.1.0"
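Review bot: The range bumps in `dependencies` and `devDependencies` do not visibly address the two ReDoS advisories that `codeclimate.json` in this same comparison reports against `package-lock.json` (`tough-cookie` and `debug`): both entries appear in both copies of the report, with only the reported line numbers shifted. The report may simply be stale, so it is worth regenerating the lockfile and re-running the audit to confirm the resolved versions meet the fixes the advisories state (`tough-cookie` 2.3.3 or greater, `debug` 2.6.9 or 3.1.0 or greater). Separately, `codeclimate.json` appears to ship in the published package; an analysis report is not needed at runtime and could be excluded through the `files` field or `.npmignore`.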

@@ -10,3 +10,3 @@ module.exports = {

buildDocumentationLink: doc => `https://ramiel.gitlab.io/caravaggio/docs/${doc}`,
buildDocumentationLink: doc => `https://ramiel.gitlab.io/caravaggio/docs/${doc || 'docs.html'}`,

@@ -13,0 +13,0 @@ isPercentage: percentage => `${percentage}`.indexOf('.') !== -1,
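Review bot: `doc` is interpolated into the URL path unencoded on the new `buildDocumentationLink` line, and the added `|| 'docs.html'` fallback only covers falsy values. The callers are outside this hunk; if any of them can pass a value derived from a request, characters such as `/`, `?` or `#` would change where the generated link points on the docs host. If callers only ever pass fixed page names, a comment stating that contract would be enough, e.g. `// doc must be a fixed page name defined in this codebase, never request input`; otherwise check it against the known page names before interpolating. The enclosing `module.exports` object starts and ends outside the hunk.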

Sorry, the diff of this file is not supported yet
