Deprecation of v9.2.0, v9.2.1, v10.1.2
#18
Comments
Repository owner
locked and limited conversation to collaborators
Mar 20, 2022
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Deprecation of
v9.2.0,v9.2.1,v10.1.2Subscribe to this issue to receive critical updates on this advisory.
Summary
Applies to:
@achrinza/node-ipc@^9@achrinza/node-ipc@^10Deprecated:
@achrinza/node-ipc@9.2.0@achrinza/node-ipc@9.2.1@achrinza/node-ipc@10.1.2Replacement:
@achrinza/node-ipc@9.2.2@achrinza/node-ipc@10.1.3Description
Out of an abundance of caution,
v9.2.0,v9.2.1,v10.1.2have been deprecated in favor of v9.2.2 and v10.1.3 as they contained nested transitive production dependencies that are managed by @/riaevangelist (The original author ofnode-ipc).The offending transitive development dependencies are:
@achrinza/node-ipc@9.2.0/v9.2.1/v10.1.2js-queue@2.0.22.0.2easy-stack@^1.0.11.0.1v9.2.2 and v10.1.3 resolve this issue by switching
js-queueto@node-ipc/js-queue, which depends on a pinned version ofeasy-stack. There are no functional code changes in v9.2.2 and v10.1.3.At the time of writing, we have no reason to believe that any of these dependencies had any malicious code. However, this may change in the future and we strongly recommend upgrading the v9 and v10 version range to
^9.2.2and^10.1.3respectively.References
@node-ipc/compatcontains transitive dependencies managed by @/riaevangelist node-ipc/node-ipc#2@node-ipc/js-queue#16@node-ipc/js-queue#17The text was updated successfully, but these errors were encountered: