-
Notifications
You must be signed in to change notification settings - Fork 70
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Mongodb Denial of Service #66
Comments
This package is unmaintained.
You can fork it and update the dependency
…On Thu, Feb 25, 2021, 09:19 Robert Fossella ***@***.***> wrote:
Hello,
Running npm audit for *mongodb-migrations v0.85* throws the following
warning. Is there/will there be a package update? Or best way to address
this? Thanks!
node v12.13.0
***@***.***
npm audit
High Denial of Service
Package mongodb
Patched in >=3.1.13
Dependency of mongodb-migrations
Path mongodb-migrations > mongodb
More info https://npmjs.com/advisories/1203
Package.json dependencies
"dependencies": {
"bluebird": "^3.4.1",
"lodash": "^4.13.0",
"mkdirp": "^0.5.1",
"mongodb": "^2.2.1",
"nomnom": "^1.6.2"
},
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#66>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAEAMCG7SYJZ7ZP2FDA42CLTAXTXDANCNFSM4YF4MRQQ>
.
|
thank you |
Hello. Not sure if what I did was what you recommended - i.e. forked, updated, created pull request? If not, then can you explain? |
I'll try to find time to check it out
What I actually meant is you can use your fork, it can be set as a
dependency directly from github
Did you run the tests?
…On Sat, Feb 27, 2021, 11:44 Robert Fossella ***@***.***> wrote:
Hello. Not sure if what I did was what you recommended - i.e. forked,
updated, created pull request? If not, then can you explain?
Thanks.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#66 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAEAMCHX6MEZAXVBHFYCXZLTBCWH3ANCNFSM4YF4MRQQ>
.
|
Hmm. My very preliminary tests looked ok. A more robust test is throwing errors
|
I would assume a change of api given it's a major version update
There's a test suite in the package
…On Sat, Feb 27, 2021, 13:24 Robert Fossella ***@***.***> wrote:
Hmm. My very preliminary tests looked ok. A more robust test is throwing
errors
Unhandled rejection TypeError: this._db.collection is not a function
at Migrator._coll (C:\Development\wamp64\www\MyApp\src\server\node_modules\mongodb-migrations\lib\mongodb-migrations.js:58:23)
at C:\Development\wamp64\www\MyApp\src\server\node_modules\mongodb-migrations\lib\mongodb-migrations.js:69:24
at tryCatcher (C:\Development\wamp64\www\MyApp\src\server\node_modules\bluebird\js\release\util.js:16:23)
at Promise._settlePromiseFromHandler (C:\Development\wamp64\www\MyApp\src\server\node_modules\bluebird\js\release\promise.js:547:31)
When I roll back to the published version (with mongodb 2.2.4) it works.
FYI: the remainder of my application uses 3.6.4
Maybe another conflicting package :\
I'll continue to check; if you have any ideas please let me know. And thank you for extending yourself to me. Appreciated!
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#66 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAEAMCAGDV7YQEMBO3G4F6TTBDB67ANCNFSM4YF4MRQQ>
.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello,
Running npm audit for mongodb-migrations v0.85 throws the following warning. Is there/will there be a package update? Or best way to address this? Thanks!
node v12.13.0
npm@6.14.11
Package.json dependencies
The text was updated successfully, but these errors were encountered: