Skip to content

chore(deps): bump postman-request to .48#273

Open
matt-jb wants to merge 2 commits intonodevault:masterfrom
matt-jb:chore/bump-postman-request
Open

chore(deps): bump postman-request to .48#273
matt-jb wants to merge 2 commits intonodevault:masterfrom
matt-jb:chore/bump-postman-request

Conversation

@matt-jb
Copy link

@matt-jb matt-jb commented Jan 16, 2026
edited
Loading

Fixes security vulnerability CVE-2025-15284.

Closes #272

@matt-jb matt-jb force-pushed the chore/bump-postman-request branch from 5a3d1be to a33988a Compare January 16, 2026 15:46
@jacobrasmuson
Copy link

jacobrasmuson commented Jan 16, 2026

It looks like the package-lock points to using a JFrog registry. I think you should re-install to go to the public registry.npmjs.org rather than box.jfrog.io

@matt-jb
Copy link
Author

matt-jb commented Jan 16, 2026

Done. Thanks for the callout, @jacobrasmuson!

@benjamin-allion
Copy link

benjamin-allion commented Jan 21, 2026

Many libraries that use nodevault are affected by the CVE-2025-15284 vulnerability.
Is there anything else missing for the merge please ?

@finesome
Copy link

finesome commented Jan 23, 2026

I think this PR can also include the changes from #269, which fixes issue #268

@LIlianHub
Copy link

LIlianHub commented Jan 26, 2026

Many libraries that use nodevault are affected by the CVE-2025-15284 vulnerability. Is there anything else missing for the merge please ?

+1, is there anything more to perform on the PR ?

@SullyP
Copy link

SullyP commented Jan 27, 2026

Hello,

Anybody to review and merged this 8.2 score CVE fix ?

@aviadhahami can you help please ?

@LIlianHub LIlianHub mentioned this pull request Jan 28, 2026
Open
@LIlianHub
Copy link

LIlianHub commented Jan 30, 2026

Is anyone able to review this PR to fix the still existing CVE? Some other npm modules depend on node-vault and are blocked by this unresolved security issue. @aviadhahami maybe you can help us ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

CVE-2025-15284 qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion

6 participants

@matt-jb @jacobrasmuson @benjamin-allion @finesome @LIlianHub @SullyP