semver@6.3.0 Vulnerability within nyc@15.1.0

istanbuljs / nyc

the Istanbul command line interface

https://istanbul.js.org/

ISC License

5.54k stars 353 forks source link

semver@6.3.0 Vulnerability within nyc@15.1.0 #1522

Open rlerma opened 1 year ago

rlerma commented 1 year ago

Is this repo still being maintained?

nyc has the following dependency tree based on semver

nyc@15.1.0 ├─┬ istanbul-lib-instrument@4.0.3 │ ├─┬ @babel/core@7.19.0 │ │ ├─┬ @babel/helper-compilation-targets@7.19.0 │ │ │ └── semver@6.3.0 │ │ └── semver@6.3.0 │ └── semver@6.3.0 └─┬ make-dir@3.1.0 └── semver@6.3.0

semver@<7.5.2 has a vulnerability https://github.com/advisories/GHSA-c2qf-rxjj-qqgw

rcmedeiros commented 1 year ago

No response? 👀

AxxlFoley commented 1 year ago

I also need a fix .. any update ?

TheJHay commented 1 year ago

@coreyfarrell are you able to comment if this repo is still maintained?

jaws97 commented 6 months ago

Did anyone find any alternative?

AxxlFoley commented 6 months ago

@jaws97 After realizing that nyc is not really maintained any longer, our project switched to C8 https://github.com/bcoe/c8