meow package security error

[simlevesque]

Hi, one of npm-check's dependencies had a security update 10 hours ago.

This depencency is meow, version 10.0.1 fixes the problem by updating it's dependency on trim-newlines to 4.0.1 that fixes the root issue.

https://www.npmjs.com/package/meow?activeTab=versions

[TyMick]

FWIW, upgrading meow to at least v6.0.0 should also fix the warning, in case any earlier major versions are easier to upgrade to. v6.0.0 changes the trim-newlines version range to ^3.0.0, which should upgrade you to trim-newlines v3.0.1 (which also has the fix) when you upgrade meow.

Here are meow's release notes, so you can review breaking changes as you upgrade.

And in the meantime, meow's developer said that the trim-newlines vulnerability doesn't affect meow (sindresorhus/meow#185 (comment)), but I don't know if that only applies to meow v10, and it would still be nice to get rid of that npm audit warning, besides.

[ghost]

npm said their last publish was a year ago, do we know if they are still working on this project?

[TyMick]

Oh, good point. Last commit in this repo was Feb 2020 as well, and 179 open issues is a lot for a relatively small project... Bummer.

[JeanMeche]

A new version has been released since ! (nov 2021) and latest commit dates to early 2022.