bchr02 / node-pre-gyp-github

A node-pre-gyp module which provides the ability to publish to GitHub releases.
MIT License

Bump outdated package versions #37

Closed justinkambic closed 2 years ago

justinkambic commented 3 years ago

Resolves https://github.com/bchr02/node-pre-gyp-github/issues/36.

The nyc and mocha versions depended on by this project are out of date and have numerous associated prototype pollution vulnerabilities. This perhaps is not a big deal but it can be unsettling when installing the package and seeing a message like:

found 145 vulnerabilities (109 low, 1 moderate, 34 high, 1 critical)
  run `npm audit fix` to fix them, or `npm audit` for details

I don't think this change impacts the package's test suite, but not all tests are passing for me on master and I'm seeing the same failure here, so I'm not able to 100% verify. I can try to dig into that more if I have time.

justinkambic commented 2 years ago

This repo seems not to be maintained and I'm no longer using it. Closing this for now.