OverZealous / cdnizer

Node module for replacing local links with CDN links, includes fallbacks and customization
MIT License

cdnizer fails the security audit #31

Closed Kjir closed 5 years ago

Kjir commented 5 years ago

When installing cdnizer 2.0.0 (through another npm package, but that's not relevant), you get the following warning:

warning webpack-s3-plugin > cdnizer > nomnom@1.8.1: Package no longer supported. Contact support@npmjs.com for more info.

Also the security audit now includes two issues: [image]

Here's the links to the advisories:

OverZealous commented 5 years ago

Thanks for the report. I can't fix the semver error inside the jsdelivr-cdn-data, but I don't think it should matter.

I didn't write the CLI code for the library, and I don't feel like maintaining it any longer, so I'm stripping it from the next version.

I've published the fixes as v3.0.0

OverZealous commented 5 years ago

Actually, I have to republish it as v3.0.1. Stupid CLI.

Kjir commented 5 years ago

Thank you for taking care of this, and in such a short time!

Kjir commented 5 years ago

BTW: it looks like jsdelivr-cdn-data has an updated version that should fix the issue with semver. Updating the dependency should get rid of that problem too.

OverZealous commented 5 years ago

Thanks for the heads up!

@noqcks provided a PR to fix this in #33. It's been published as 3.0.2 for cdnizer and 2.0.2 for gulp-cdnizer.