[ https://issues.apache.org/jira/browse/THRIFT-4064?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16163280#comment-16163280 ]
ASF GitHub Bot commented on THRIFT-4064: ---------------------------------------- Github user ledara1 commented on a diff in the pull request: https://github.com/apache/thrift/pull/1175#discussion_r138406960 --- Diff: package.json --- @@ -32,20 +32,22 @@ }, "main": "./lib/nodejs/lib/thrift", "engines": { - "node": ">= 0.2.4" + "node": ">= 0.12.0" }, "dependencies": { - "node-int64": "~0.3.0", - "q": "1.0.x", - "ws": "~0.4.32" + "node-int64": "^0.4.0", + "q": "^1.0.0", + "ws": "^1.0.0" --- End diff -- It should be >=1.1.1. In this version most of security issues were fixed. > Update node library dependencies > -------------------------------- > > Key: THRIFT-4064 > URL: https://issues.apache.org/jira/browse/THRIFT-4064 > Project: Thrift > Issue Type: Improvement > Components: Node.js - Library > Affects Versions: 0.10.0 > Reporter: Andres Suarez > Labels: security-issue > > ws@0.4.32 is really old and presents issues for users using modern versions > of Node (see > https://github.com/apache/thrift/pull/672#issuecomment-276678791). Its should > be updated. -- This message was sent by Atlassian JIRA (v6.4.14#64029)