⚠️ WARNING ⚠️ tar.gz module has been deprecated and your application is vulnerable #293
Comments
|
@sintaxi @djanowski I have this issue reported on the ember-cli-surge project also. I believe the issue is related to security too. |
|
Any movement on this? Any project that uses surge, even just for its demo app, is going to cause concern among developers when they see a giant security warning on github due to this dependency. |
|
I have these fixed here, but |
|
Might as well make a PR and see if it passes in CI. Could be a local issue. |
|
Thanks for talking a look at this. Ill have a peak at your branch. I have a fairly big release in the works. Ill make sure a fix for this issue gets included. |
@sintaxi Is it possible to clone the repo, merge the PR, and do a patch release? Then at a later point, do your big release? As right now, any project that has surge as a dep or dev dep, is getting security notifications from github delivered to the maintainers of the repos. So getting this fixed immediately would save a lot of time for all the devs that depend on your package. |
|
Any update on this? |
|
Just to emphasise the annoyance of this. I have dozens of repos that have surge as a dev dep. And for each update posted for them, myself and the other maintainers get these alerts:
If you are new to this error, it takes about 5-15 minutes to debug that the cause is surge. Multiply this by each surge user. |
|
Working hard on getting this release ready and I agree this is very annoying. Please air your grievances with github because this warning is a false positive and unnecessary in the context of how surge uses the tar lib. Github is overreaching and its extremely frustrating as a library author. |
|
@sintaxi I understand, much love to all open-source maintainers ❤️ |
ALERT:
npm WARN deprecated tar.gz@0.1.1: ⚠️ WARNING ⚠️ tar.gz module has been deprecated and your application is vulnerable. Please use tar module instead: https://npmjcom/tarThe text was updated successfully, but these errors were encountered: