Vulnerability 1012 - Need new release #3338

Closed
dalefrancis88 opened this issue Jul 12, 2019 · 6 comments

@dalefrancis88

Hey,

There is currently a security vulnerability in your released package 4.1.0
https://www.npmjs.com/advisories/1012

It is due to the version of braces being used, however it looks like that's been fixed in master. Will there be a release any time soon?

@khkyler

khkyler commented Jul 12, 2019

High: Prototype Pollution
Package: mixin-deep
Patched in: >=2.0.1
Dependency of: karma
Path: karma > braces > snapdragon > base > mixin-deep
More info: https://npmjs.com/advisories/1013

I'm also getting this vulnerability as well as the one listed above

@ionut-t

ionut-t commented Jul 12, 2019

Hi,
I'm getting 110 high severity vulnerabilities in an Angular project, all related to set-value package. Message below:

High: Prototype Pollution
Package: set-value
Patched in >=3.0.1
Dependency of karma [dev]
Path: karma > chokidar > readdirp > micromatch > snapdragon > base > cache-base > union-value > set-value
More info: https://npmjs.com/advisories/1012

@johnjbarton
Contributor

Please don’t open issues about these vulnerabilities. We already get tons of notifications and annoying panels in the UI.

If this is important to you, send a PR to fix it.

@dalefrancis88
Author

dalefrancis88 commented Jul 12, 2019

Dude! Did you even read what the question was before you closed it? It wasn't raising because there needs to be work done, it was raising because it HAS been done and I'd like to know when there would be a release? I appreciate the work of the open source community and of this package itself, but it's a pretty uncool thing to reply with a curt remark and close an issue when you're not addressing the original question.

@johnjbarton
Contributor

Please use a descriptive title like “Please release a new version”. Which I did, 4.2 is out, try it.

@dalefrancis88
Author

Ahh yes I see that ... released 26 min ago, I shall go check that out.

@dalefrancis88 changed the title from "Vulnerability 1012" to "Vulnerability 1012 - Need new release" on Jul 13, 2019