dmotz / trystero

✨🤝✨ Build instant multiplayer webapps, no server required — Magic WebRTC matchmaking over BitTorrent, Nostr, MQTT, IPFS, Supabase, and Firebase
https://oxism.com/trystero
MIT License

Vulnerability warnings about `ipfs-core` dependency #35

Closed felladrin closed 1 year ago

felladrin commented 1 year ago

Hi 👋 Thanks for creating this lib!

After installing it with NPM, I've got a lot of warnings due to vulnerabilities found on sub-dependencies of ipfs-core@0.9.0.

As I'm not using the ipfs strategy, I've set an override for it as a workaround and confirmed that using the latest version (ipfs-core@0.18.0) resolves all the warnings.

"overrides": {
  "ipfs-core": "latest"
}

Could you update it in the lib dependencies, so we don't need the workaround anymore? https://github.com/dmotz/trystero/blob/036a8e7c408b8f4946e0e8d6eb09ecf33bcc08b6/package.json#L27
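The workaround above pins `ipfs-core` through an npm `overrides` entry. An override only helps if npm actually resolved every installed copy of the package to the newer line, which is easiest to confirm from `package-lock.json`. The script below is an added example, not code from this thread or from trystero: it walks the `packages` map of a lockfileVersion 2/3 lockfile, collects every path that ends in `node_modules/ipfs-core` (including nested copies), and reports any copy still below the version you expected. The lockfile contents are constructed for illustration, and the package names and versions in it are placeholders.

```javascript
// Added example: verify that an npm "overrides" entry took effect by checking
// every resolved copy of a package in package-lock.json (lockfileVersion 2 or 3).
// The lockfile object below is constructed for this example; it is not trystero's.
const sampleLock = {
  name: "my-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "my-app", dependencies: { trystero: "^0.15.0" } },
    // Hypothetical dependent that declares the old ipfs-core range.
    "node_modules/trystero": { version: "0.15.0", dependencies: { "ipfs-core": "0.9.0" } },
    // With the override applied, the hoisted copy resolves to the newer line.
    "node_modules/ipfs-core": { version: "0.18.0" },
    // A nested copy that escaped the override would look like this (constructed).
    "node_modules/some-other-dep/node_modules/ipfs-core": { version: "0.9.0" },
  },
};

// Parse "MAJOR.MINOR.PATCH" (pre-release suffixes are ignored for this check).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// True when version v is >= min, comparing major, then minor, then patch.
function versionAtLeast(v, min) {
  const a = parseVersion(v);
  const b = parseVersion(min);
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] > b[i];
  }
  return true;
}

// Every key equal to "node_modules/<pkg>" or ending in "/node_modules/<pkg>"
// is an installed copy of that package, hoisted or nested.
function findInstalledCopies(lock, pkgName) {
  const suffix = `node_modules/${pkgName}`;
  return Object.entries(lock.packages || {})
    .filter(([path]) => path === suffix || path.endsWith(`/${suffix}`))
    .map(([path, entry]) => ({ path, version: entry.version }));
}

// Returns how many copies were found and which ones are still below minVersion.
function checkOverride(lock, pkgName, minVersion) {
  const copies = findInstalledCopies(lock, pkgName);
  const stale = copies.filter((c) => !versionAtLeast(c.version, minVersion));
  return { copies: copies.length, stale };
}

// Stand-alone run against the constructed lockfile.
const report = checkOverride(sampleLock, "ipfs-core", "0.18.0");
console.log(`found ${report.copies} copies of ipfs-core`);
for (const c of report.stale) {
  console.log(`still below 0.18.0: ${c.path} (${c.version})`);
}
```

To run it against a real project, replace `sampleLock` with `JSON.parse(require("fs").readFileSync("package-lock.json", "utf8"))`; a non-empty `stale` list means the override did not reach every copy and the audit warnings will persist for those paths.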

dmotz commented 1 year ago

Yeah I've been aware of these vulnerability warnings but unfortunately the ipfs-core API has changed significantly in the newer releases and it's not as simple as a package update. I've tried a few times to get it working with the latest package, but haven't had luck — it's a very complex package. If you have any interest in giving it a shot, let me know.

I'm not sure if there's a good solution to the warning in the meantime, which is probably irrelevant to most users since I don't think many devs opt for the IPFS strategy. For what it's worth, I think the vulnerabilities are only relevant to running ipfs-core 0.9.0 on Node and not relevant to the browser.

dmotz commented 1 year ago

Fixed in 0.16.0