-
Notifications
You must be signed in to change notification settings - Fork 5.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security vulnerability from file-type
inner dependency
#11268
Comments
I'm also having this security vulnerability issue. Is it safe to continue using the tool? |
Thanks for reporting @alfaproject. The vulnerability is marked as moderate, it's also used in very fringe use cases in the Framework and I don't see a real scenario where it could really be exploited in a meaningful way. It should be safe to still use Framework before we find an alternative for |
Can we remove Sample code to modify
and below:
Please also note that |
@sleepwithcoffee Case with |
@medikoo you mentioned a valid point. It's a shame that we dont have any better alternative to I am also hesitant to edit this code since it is not covered by any tests. |
This package depends on
archive-type
anddecompress
which seem abandoned and they depend on really old versions offile-type
triggering our CI audit checks:The text was updated successfully, but these errors were encountered: