Replace express-brute #162

Open: pjonsson wants to merge 2 commits into master

pjonsson (Contributor) commented May 5, 2024

This replaces express-brute with rate-limiter-flexible, which removes the dependency on the vulnerable underscore version, and does not have a rate limit bypass vulnerability.

pjonsson (Contributor, Author) commented May 5, 2024

The tests pass, but I have no idea if the changed code path is exercised by the test suite.

pjonsson (Contributor, Author) commented

@na9da this is one of the two PRs that together fix all known security issues in terriajs-server, can you please take a look at this?
