Closed kamesh95 closed 6 years ago
I believe you can npm install reap. Take the code and put it in a repo reap2
and update dependencies.
I would happily accept a PR if you do it.
Sure. Actually reap is dependent on the ms module only. So I have upgraded and published the new reap2 module on npm. The other vulnerability related with the string module is however the dependency of node-script-manager. The issue with string is not patched so far (https://nodesecurity.io/advisories/536). So for now I think you can upgrade only your reap dependency. I will create a pull request for the same. Thanks.
Ok, thank you.
Here's the PR for the fix - https://github.com/jsreport/jsreport-core/pull/28
@pofider Just curious. When will you publish the newer version on npm? As I need to use it in my codebase. Thanks!
@bjrmatos @pofider Any updates on when you guys will publish the current version with resolved vulnerabilities on npm?
There is reap2 used in jsreport@2. Sorry for the delay.
jsreport-core module's dependency reap has security issues. Actually reap module's dependencies ms and string are vulnerable. But even if the issues with these sub modules are patched, they will never be released up to reap, as the reap module's repository seems to be deleted (https://github.com/visionmedia/reap). So is there any alternative available for the reap module that can be used with jsreport-core?
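
An added example, not part of the original thread or jsreport's code: a small walker that shows which direct dependency pulls in each flagged package, so you can tell a dependency you can swap yourself from one that needs an upstream fix. The tree is a constructed sample shaped like `npm ls --json` output; package names follow the thread, while the versions and `safe-dep` are placeholders.

```javascript
// Constructed sample shaped like `npm ls --json` output. Package names come
// from the thread; the versions are placeholders, not real release numbers.
const sampleTree = {
  name: "jsreport-core",
  version: "0.0.0-sample",
  dependencies: {
    reap: {
      version: "0.0.0-sample",
      dependencies: { ms: { version: "0.0.0-sample" } },
    },
    "node-script-manager": {
      version: "0.0.0-sample",
      dependencies: { string: { version: "0.0.0-sample" } },
    },
    "safe-dep": { version: "0.0.0-sample" }, // hypothetical, no flagged children
  },
};

// Walk the tree and return every chain that ends at a flagged package.
function findPaths(node, flagged, trail = [node.name], out = []) {
  for (const [name, child] of Object.entries(node.dependencies || {})) {
    if (trail.includes(name)) continue; // guard against circular entries
    const path = [...trail, name];
    if (flagged.has(name)) out.push(path);
    findPaths(child, flagged, path, out);
  }
  return out;
}

// Group flagged packages under the direct dependency that pulls them in,
// which is the entry the root project can actually change.
function byDirectDependency(paths) {
  const groups = {};
  for (const path of paths) {
    const direct = path[1];
    const leaf = path[path.length - 1];
    (groups[direct] = groups[direct] || new Set()).add(leaf);
  }
  return Object.fromEntries(
    Object.entries(groups).map(([k, v]) => [k, [...v].sort()])
  );
}

const paths = findPaths(sampleTree, new Set(["ms", "string"]));
console.log(paths.map((p) => p.join(" > ")).join("\n"));
console.log(byDirectDependency(paths));
```

To run it against a real project, replace `sampleTree` with the parsed output of `npm ls --json`.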