Comments (10)
terinjokes
commented on July 18, 2024
2
I'm sorting out GitHub permissions, but I intend to publish a release without got.
from node-cloudflare.
qfdk
commented on July 18, 2024
1
@robinhouston I think to remove "got" is a good idea. I have a warning when i use node 16. I don't know when he could fix this ...
(node:1932270) [DEP0066] DeprecationWarning: OutgoingMessage.prototype._headers is deprecated
2022-07-14 01:30:28.489: at module.exports (/root/x/node_modules/timed-out/index.js:9:17)
2022-07-14 01:30:28.489: at get (/root/x/node_modules/got/index.js:77:4)
2022-07-14 01:30:28.489: at requestAsEventEmitter (/root/x/node_modules/got/index.js:85:2)
2022-07-14 01:30:28.489: at /root/xnode_modules/got/index.js:91:14
2022-07-14 01:30:28.489: at new Promise (<anonymous>)
2022-07-14 01:30:28.489: at asPromise (/root/x/node_modules/got/index.js:90:9)
2022-07-14 01:30:28.489: at got (/root/x/node_modules/got/index.js:302:10)
2022-07-14 01:30:28.489: at constructor.got (/root/x/node_modules/cloudflare/lib/Getter.js:22:12)
2022-07-14 01:30:28.489: at constructor.request (/root/x/node_modules/cloudflare/lib/Client.js:85:24)
2022-07-14 01:30:28.489: at create.<anonymous> (/root/x/node_modules/cloudflare/lib/method.js:126:27)from node-cloudflare.
robinhouston
commented on July 18, 2024
See also #104, in which @terinjokes mentions his plan to remove the got dependency (which would fix this).
from node-cloudflare.
can-keklik
commented on July 18, 2024
Is there any progress about this? 🙂
from node-cloudflare.
jpreynat
commented on July 18, 2024
Any update on this would be greatly appreciated, as we need to fix this CVE in our codebase 🙏
from node-cloudflare.
jpreynat
commented on July 18, 2024
@terinjokes Any chance this could be looked at?
from node-cloudflare.
AlonNavon
commented on July 18, 2024
Hey @jpreynat,
We're part of a startup called Seal Security that mitigates software vulnerabilities in older open source versions by backporting/creating standalone security patches - enabling more straightforward remediation in cases like this. We just created a got 6.7.1-sp1 that solves CVE-2022-33987 and we're going to upload it tomorrow to our open-source repository. Like all our patches, it's completely free to use and open-source.
If you want us to make a vulnerability-free version of 6.3.0, feel free to reach us at [email protected].
from node-cloudflare.
jpreynat
commented on July 18, 2024
Hi @AlonNavon 👋
Thanks for the info!
We've eventually managed to take care of this vulnerability this time, but it's good to know that you are doing this as it might come in handy at some point.
I won't hesitate to have a look at your repo next time and will keep you posted if necessary 🙂
from node-cloudflare.
AlonNavon
commented on July 18, 2024
Great :)
We're really trying to make open-source vulnerability remediation quick and
simple for the developers.
If you want to check out our platform (app.sealsecurity.io) you're welcome
(it's basically an artifact server that contains all of our patched
versions that you can pull from).
Right now it's not the friendliest onboarding, but in a couple of weeks our
GitBook should be available online, and that should make things smoother.
Keep us in mind,
Alon
…On Mon, Sep 11, 2023 at 6:34 PM Johan Preynat ***@***.***> wrote:
Hi @AlonNavon <https://github.com/AlonNavon> 👋
Thanks for the info!
We've eventually managed to take care of this vulnerability this time, but
it's good to know that you are doing this as it might come in handy at some
point.
I won't hesitate to have a look at your repo next time and will keep you
posted if necessary 🙂
—
Reply to this email directly, view it on GitHub
<#109 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AI7LZ5BBQIMYESMKPT6QEN3XZ4VRPANCNFSM52BQBYPQ>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
from node-cloudflare.
AlonNavon
commented on July 18, 2024
Hey Johan,
Our GitBook is online
<https://t.sidekickopen10-eu1.com/Ctc/OT+23284/djrw1N04/Jll2-6qcW7Y8-PT6lZ3lFN5Y4Npt3LVSxW4_Vp_H7TjjGRW5PHLk01nv614W13K0X46B0Q3tW4GdF9Y25Xp0BW7WZkR91zrvR3W9jxfWH6PzfH0W1nQyZX83VyWvW3JwcQ63XSzT1N4450tsX4nWLW9fl0bq8lB-S_W4WQf855sTd59N6yN00hhynPKM9CTtJt0wQ0W4mk8KM1_2_59Vn5S4Z7hWPBXW3QQ1WG2fYT7YN4BZlXC29DbRW8gKlMr1lBJLjW6kv7-78XtZ2NW44H_Y87-hhsSW5xrsY09hnVBYW4WrW9Y6cHGGJW8qJY9l1XJsxHW24Qg147xq58LN3DdWKnbMJP7f4PDyGl04>.
Hopefully now the onboarding is friendlier.
After you configure the artifact server, you just build your project and
use our versions if you want to.
Best regards,
Alon
…On Mon, Sep 11, 2023 at 6:55 PM Alon Navon ***@***.***> wrote:
Great :)
We're really trying to make open-source vulnerability remediation quick
and simple for the developers.
If you want to check out our platform (app.sealsecurity.io) you're
welcome (it's basically an artifact server that contains all of our patched
versions that you can pull from).
Right now it's not the friendliest onboarding, but in a couple of weeks
our GitBook should be available online, and that should make things
smoother.
Keep us in mind,
Alon
On Mon, Sep 11, 2023 at 6:34 PM Johan Preynat ***@***.***>
wrote:
> Hi @AlonNavon <https://github.com/AlonNavon> 👋
>
> Thanks for the info!
> We've eventually managed to take care of this vulnerability this time,
> but it's good to know that you are doing this as it might come in handy at
> some point.
>
> I won't hesitate to have a look at your repo next time and will keep you
> posted if necessary 🙂
>
> —
> Reply to this email directly, view it on GitHub
> <#109 (comment)>,
> or unsubscribe
> <https://github.com/notifications/unsubscribe-auth/AI7LZ5BBQIMYESMKPT6QEN3XZ4VRPANCNFSM52BQBYPQ>
> .
> You are receiving this because you were mentioned.Message ID:
> ***@***.***>
>
from node-cloudflare.
Related Issues (20)
- Argo tunnel support HOT 5
- Improve error catching HOT 3
- GraphQL API support? HOT 1
- Old `got` breaks runtime HOT 6
- DNSRecords Scan is not supported
- Docs incorrect for Add PageRules
- DeprecationWarning: OutgoingMessage.prototype._headers is deprecated HOT 7
- require('cloudflare') is not a function HOT 1
- domain registration support HOT 1
- Purge cache : Bad Request with lib, works with curl HOT 1
- Support deleting a worker script using the `accounts` api.
- Complete support for stream APIs
- Auth returns empty Object and no errors
- Please publish 2.8.0 HOT 3
- SSL Endpoints should be added
- Please add support for pages HOT 5
- Deprecated workers/filters for Zone Worker Routes HOT 2
- cf.zoneSettings.editAll not works as excepted HOT 2
- 403 error HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from node-cloudflare.