Current version of the levelup dependency for this project has a known security vulnerability #13
Comments
Is this something you expect you might have an ETA for a fix for or is the project abandoned? |
so the actual issue is about updating levelup to version 2.0.0, a pull request doing so and making sure the tests pass would go a long way to helping this be resolved |
actually I take it back, updating it to 0.19.1 would probably do the trick |
Updating
|
Any progress on this? |
Ping @mafintosh: will you consider the #15 PR, so we can get the ball rolling on fixing the security warnings in people's repositories? |
Ya sure. Anyone here wanna help maintain this?
On Sun, 18 Nov 2018 at 04.32, Morgan Roderick ***@***.***> wrote:
> Ping @mafintosh: will you consider the #15 PR, so we can get
> the ball rolling on fixing the security warnings in people's repositories?
|
If it's just a question of pulling for this update and possibly any future such ones (at least clear-cut ones like this), I could sign on (brettz9 on npm as well). |
Another issue that someone can hopefully address is that the current version of the dependency |
Any updates with this? |
@mroderick I just made another PR (#24), with the main differences compared to #15 being that it is ready and it does not require browser testing/karma; instead it uses spec compliant /cc @mafintosh |
A user opened an issue on our repo about the semver package having a security vulnerability ionic-team/stencil#568. After researching it we found that this was coming from a very old version of the levelup package that browserify-fs relies on.