Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Deprecation of v10.1.5, v10.1.6, v10.1.7, v10.1.8, v10.1.9 #57

Closed
achrinza opened this issue Oct 25, 2023 · 0 comments
Closed

Deprecation of v10.1.5, v10.1.6, v10.1.7, v10.1.8, v10.1.9 #57

achrinza opened this issue Oct 25, 2023 · 0 comments

Comments

@achrinza
Copy link
Owner

Deprecation of v10.1.5, v10.1.6, v10.1.7, v10.1.8, v10.1.9

Subscribe to this issue to receive critical updates on this advisory.

Summary

Applies to:

  • @achrinza/node-ipc@^10

Deprecated:

  • @achrinza/node-ipc@10.1.5
  • @achrinza/node-ipc@10.1.6
  • @achrinza/node-ipc@10.1.7
  • @achrinza/node-ipc@10.1.8
  • @achrinza/node-ipc@10.1.9

Replacement:

  • @achrinza/node-ipc@10.1.10

Description

Out of an abundance of caution, v10.1.5, v10.1.6, v10.1.7, v10.1.8, v10.1.9 have been deprecated in favor of v10.1.10 as they contained nested transient production dependencies that are managed by @/riaevangelist (The original author of node-ipc).

The offending transient development dependencies are:

  • @achrinza/node-ipc@10.1.5/10.1.6/10.1.7/10.1.8/10.1.9
    • strong-type@1.1.8
      • 1.1.8
        • vanilla-test@*

v10.1.10 resolves this issue by replacing strong-type@1.1.8 with @achrinza/strong-type, which depends on pinned versions of @node-ipc/vanilla-test. There are no functional code changes in v10.1.10.

At the time of writing, we have no reason to believe that any of these dependencies had any malicious code. However, this may change in the future and we strongly recommend upgrading the v10 version range to ^10.1.10.

References

@achrinza achrinza mentioned this issue Oct 25, 2023
Repository owner locked and limited conversation to collaborators Oct 25, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant