The package extend 3.0.1, which is a dependency of request 2.87, has a vulnerability:
https://hackerone.com/reports/381185
Is it possible to upgrade to request 2.88, which has fixed its own package.json to use the fixed extend 3.0.2?
PRs welcome. If CI is happy we're happy to merge it.
On Sat., 15 Sep. 2018, 1:26 am Yoann Colin, notifications@github.com wrote:
> The package extend 3.0.1, which is a dependency of request 2.87, has a vulnerability: https://hackerone.com/reports/381185
> Is it possible to upgrade to request 2.88, which has fixed its own package.json to use the fixed extend 3.0.2?
Is there a release with this fix?
Not yet.
I don't know who can make a new release.
@xzyfer Is there a release planned with this fix? I'd like to use a release instead of a git commit in my package.json.
Sorry to do this, but: @xzyfer @andre @deanmao @bwilkins @keithamus @LaurentGoderre @nschonni @adamyeats @am11
Can someone please release this to npm?
v4.9.4 released
https://github.com/angular/angular/issues/21202
As you can see in the link above, there is a similar issue where upgrading request module from 2.87.0 to 2.88.0 also introduces the punycode module v2.1.1 which dropped support for IE11 in v2.0.0.
├─┬ [email protected]
│ └─┬ [email protected]
│   └─┬ [email protected]
│     └─┬ [email protected]
│       └─┬ [email protected]
│         └── [email protected]
Can you suggest how we can fix this for [email protected] without upgrading it to a major version?
The version of request that node-sass uses should have no effect on your application if you require a particular version for your app. E.g. set your request version in your package.json and npm will separate out node-sass's version and your app's version.
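The point in the comment above is that npm can keep two copies of request in one tree: the one your package.json pins at top level and the one nested under node-sass. Whether the nested copy still drags in extend 3.0.1 is therefore something to check rather than assume. The script below is an added example, not code from this thread or from the node-sass project: it walks an `npm ls --json` style tree and reports every copy of a named package below a given fixed version, with the dependency path that pulls it in. The sample tree is constructed for illustration; the node-sass version in it is an assumed one, and the request/extend versions are the ones discussed in the thread.

```javascript
// Added example (not from the node-sass issue or project): find every copy of a
// package below a fixed version in an `npm ls --json` style dependency tree.

// Parse "MAJOR.MINOR.PATCH" into numbers; pre-release/build suffixes are ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Numeric comparison of the three components (string comparison would put 3.0.10 before 3.0.2).
function lessThan(a, b) {
  const x = parseVersion(a);
  const y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] < y[i];
  }
  return false;
}

// Recursively collect { version, path } for each `name` whose version is below `fixedIn`.
// `tree` has the shape npm prints: { version, dependencies: { pkg: { version, dependencies } } }.
function findVulnerable(tree, name, fixedIn, path = []) {
  const hits = [];
  for (const [dep, node] of Object.entries(tree.dependencies || {})) {
    const here = [...path, `${dep}@${node.version}`];
    if (dep === name && lessThan(node.version, fixedIn)) {
      hits.push({ version: node.version, path: here.join(' > ') });
    }
    hits.push(...findVulnerable(node, name, fixedIn, here));
  }
  return hits;
}

// Constructed sample tree: the app pins request 2.88.0 at top level (which brings extend 3.0.2),
// while node-sass (version assumed here) still carries its own nested request 2.87.0 with extend 3.0.1.
const sampleTree = {
  name: 'my-app',
  version: '1.0.0',
  dependencies: {
    request: { version: '2.88.0', dependencies: { extend: { version: '3.0.2' } } },
    'node-sass': {
      version: '4.9.3', // assumed pre-fix version, for illustration only
      dependencies: {
        request: { version: '2.87.0', dependencies: { extend: { version: '3.0.1' } } },
      },
    },
  },
};

// Report the nested copy the top-level pin did not replace.
for (const f of findVulnerable(sampleTree, 'extend', '3.0.2')) {
  console.log(`extend@${f.version} via ${f.path}`);
}
```

Against a real project, replace `sampleTree` with `JSON.parse` of the output of `npm ls --json` (run in the project root) and the script prints each remaining extend 3.0.1 together with the chain that introduces it, so you can see whether the pin in package.json actually removed the nested copy or only added a second, fixed one beside it.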
Thanks @nschonni, your suggestion worked perfectly! I'm certainly impressed by the quick turnaround of the contributors of this project :)