Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Deprecation of v10.1.0 and v10.1.1 #14

Closed
achrinza opened this issue Mar 20, 2022 · 0 comments
Closed

Deprecation of v10.1.0 and v10.1.1 #14

achrinza opened this issue Mar 20, 2022 · 0 comments

Comments

@achrinza
Copy link
Owner

achrinza commented Mar 20, 2022

Deprecation of v10.1.0 and v10.1.1

Subscribe to this issue to receive critical updates on this advisory.

Summary

Applies to:

  • @achrinza/node-ipc@^10

Deprecated:

  • @achrinza/node-ipc@10.1.0
  • @achrinza/node-ipc@10.1.1

Replacement:

  • @achrinza/node-ipc@10.1.2

Description

Out of an abundance of caution, v10.1.0 and v10.1.1 have been deprecated in favor of v10.1.2 as they contained nested transitive development dependencies that are managed by @/riaevangelist (The original author of node-ipc).

The offending transitive development dependencies are:

  • node-cmd@^4.0.0
  • vanilla-test@^1.4.8
    • 1.4.8
      • ansi-colors-es6@^5.0.0
      • strong-type@^1.0.1
        • 1.0.1
          • vanilla-test@*
        • 1.1.0
          • vanilla-test@*
    • 1.4.9
      • ansi-colors-es6@^5.0.0
      • strong-type@^1.1.0
        • 1.1.0
          • vanilla-test@*

v10.1.2 resolves this issue by pinning to node-cmd@4.0.0 and switching vanilla-test to @node-ipc/vanilla-test. There are no code changes in v10.1.2.

At the time of writing, we have no reason to believe that any of these dependencies had any malicious code. However, this may change in the future and we strongly recommend upgrading the v10 version range to ^10.1.2.

Repository owner locked and limited conversation to collaborators Mar 20, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant