Open naderm opened 6 years ago
Doesn't seem all that bad, given that we're not using this as a server app (and I hope you're not either) and that semver is only run against your own input. This is only an issue if you're concerned about DDOSing yourself 😆
I'd totally accept a PR though!
This project no longer depends on flatten-packages and the package-lock.json contains version 5.5.1 of semver. Could we close this issue?
electron-windows-store has an out-of-date dependency, semver, that contains a security issue:
electron-windows-store@^0.10.1 > flatten-packages@^0.1.4 > semver@~2.2.1
I've filed this issue in flatten-packages, but that package has not been updated in several years. I'm re-filing this issue here in case it is not addressed downstream:
https://github.com/arifsetiawan/flatten/pull/21
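A check for the dependency chain reported in this issue, as an added example that is not part of the thread or of either project's code. It walks an npm `lockfileVersion` 1 tree and reports which packages require a target and which copy they resolve to. The lockfile contents, the `example-app` name and the function names are constructed for illustration.

```javascript
// Constructed sample lockfile (lockfileVersion 1) reproducing the chain from the issue:
// a patched top-level semver sits next to an old copy nested under flatten-packages.
const sampleLock = {
  name: "example-app", version: "1.0.0", lockfileVersion: 1,
  dependencies: {
    "electron-windows-store": {
      version: "0.10.1",
      requires: { "flatten-packages": "^0.1.4" },
    },
    "flatten-packages": {
      version: "0.1.4",
      requires: { semver: "~2.2.1" },
      dependencies: { semver: { version: "2.2.1" } },
    },
    semver: { version: "5.5.1" },
  },
};

// Resolve `name` the way Node does: nearest nested copy first, then each ancestor.
function resolveVersion(scopes, name) {
  for (let i = scopes.length - 1; i >= 0; i--) {
    const hit = scopes[i][name];
    if (hit) return hit.version;
  }
  return null;
}

// Return every package that requires `target`, with the requested range
// and the version that package actually loads.
function findDependents(lock, target) {
  const results = [];
  const walk = (deps, scopes) => {
    const here = scopes.concat([deps]);
    for (const [name, entry] of Object.entries(deps)) {
      const nested = entry.dependencies || {};
      const range = (entry.requires || {})[target];
      if (range !== undefined) {
        const resolved = resolveVersion(here.concat([nested]), target);
        results.push({ dependent: `${name}@${entry.version}`, range, resolved });
      }
      walk(nested, here);
    }
  };
  walk(lock.dependencies || {}, []);
  return results;
}

console.log(findDependents(sampleLock, "semver"));
```

Searching the lockfile only for the top-level `semver` entry would show 5.5.1 here and miss the nested 2.2.1 copy, which is why the walk resolves per dependent.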