Medium / phantomjs

NPM wrapper for installing phantomjs

Bump extract-zip version #679

Open ilkka opened 7 years ago

ilkka commented 7 years ago

This bump allows for a future release of extract-zip, which in turn pulls in a newer future release of concat-stream to mitigate a possible memory disclosure vulnerability. extract-zip is already at 1.6.0, so this will not happen without this bump.

westy92 commented 7 years ago

Could we please get this merged?

amitdaga commented 7 years ago

Can we please get this merged to master? Change looks simple.

adon-at-work commented 7 years ago

👍

erikvold commented 6 years ago

https://snyk.io/test/npm/phantomjs-prebuilt

erikvold commented 6 years ago

@nicks do you still work on this?

nicks commented 6 years ago

This vulnerability doesn't affect us because we only download blessed binaries.

To answer @erikvold's broader question: at this point, it looks like there will be no further releases of PhantomJS (the upstream project). Thus, I basically consider this installer end-of-lifed. We would only do a release to patch major demonstrable problems.

avindra commented 6 years ago

Seems that this is superseded by https://github.com/Medium/phantomjs/pull/732