Backport the recent security fix to 3.x
We are using version 3.x of simple-get in canvas and cannot upgrade to 4.x without making it a breaking change since we still support Node.js 6.x.
@feross would it be possible to have the patch back ported to the 3.x release line?
I can submit a PR if you create a 3.x branch from abdcdb32d0bb7707110a1ab39df99488330df1ee.
Thanks!
Issue Analytics
- State:
- Created 2 years ago
- Reactions: 13
- Comments: 8 (1 by maintainers)
Top GitHub Comments
That would be great because simple-get ^3.0.3 is a transitive dependency of other packages, like prebuild-install v5 and v6.
@LinusU I gave you access to this package on GitHub and npm to help handle these security fixes. Appreciate it!