Skip to content
This repository was archived by the owner on Jul 24, 2019. It is now read-only.

fix: vulnerable dependency (extract-zip) #751

Closed
Ilshidur wants to merge 1 commit into from
Closed

fix: vulnerable dependency (extract-zip) #751

Ilshidur wants to merge 1 commit into from

Conversation

@Ilshidur
Copy link
Contributor

@Ilshidur Ilshidur commented Oct 31, 2017
edited
Loading

The [email protected] package is vulnerable to a ReDoS attack.

Updated to version 1.6.6, where the maintainers fixed it a few hours ago this PR.

This PR can solve failing tests because of some tools (like Snyk).
I made it just in case #746 (comment) won't be merged immediately.

@Ilshidur
fix: vulnerable dependency (extract-zip)
3e2dd7f 
The [email protected]_ package is [vulnerable to a ReDoS attack](https://snyk.io/test/npm/extract-zip/1.6.5).

Updated to [version 1.6.6](https://snyk.io/test/npm/extract-zip/1.6.6), [where the maintainers fixed it](max-mapper/extract-zip#48 (comment)) a few hours ago this PR.

This PR can solve failing tests because of some tools (like [Snyk](https://snyk.io)).
@avindra
Copy link
Contributor

avindra commented Oct 31, 2017

@Ilshidur I would strongly prefer that we merge this instead

#746

As it would result in far fewer instances of having to manually bump dependencies and communicate with Medium, who have already expressed a disinterest in maintaining this project.

@Ilshidur
Copy link
Contributor Author

Ilshidur commented Mar 12, 2018

Abandoning this PR. As this repo is going to be archived, I'm not willing to keep a fork of it in my repositories.
Sorry to see this project is going down.

@Ilshidur Ilshidur closed this Mar 12, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Ilshidur @avindra