Package: node-concat-stream / 1.5.1-2
Patch seriesview the series file
|readable stream.patch | (download)||
2 1 + 1 - 0 !
use nodejs stream module instead of readable-stream The nodejs Stream module is "stable" in nodejs v4.2.1 (LTS) so readable-stream is not required and will no longer be packaged.
|to string_numbers.patch | (download)||
to-string numbers written to the stream Node-concat-stream is vulnerable to Uninitialized Memory Exposure. This possible memory disclosure vulnerability exists when a value of type number is provided to the stringConcat() method and results in concatination of uninitialized memory to the stream collection. This is a result of unobstructed use of the Buffer constructor, whose insecure default constructor increases the odds of memory leakage. See https://snyk.io/vuln/npm:concat-stream:20160901 for further details.