Closed ghost closed 2 years ago
I'm also facing several security vulnerability scan alerts caused by this. Hoping bcrypt gets released/master tagged soon...
Edit: As a temporary workaround, Node's package.json allows overriding transitive dependency versions. https://docs.npmjs.com/cli/v8/configuring-npm/package-json#overrides
```json
"overrides": {
  "bcrypt": {
    "@mapbox/node-pre-gyp": "^1.0.7"
  }
}
```
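A way to confirm the override took effect after `npm install`, as an added example that is not part of the original comment or the bcrypt project: it scans the `packages` map of a package-lock.json (lockfileVersion 2/3 layout) for every installed copy of `@mapbox/node-pre-gyp`, including nested ones, and reports copies below 1.0.7. The function names and the sample lockfile are constructed for illustration, and only the lower bound of `^1.0.7` is checked.

```javascript
// CONSTRUCTED sample in the lockfileVersion 2/3 "packages" layout.
// A nested copy under bcrypt is what remains when the override is not applied.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-app" },
    "node_modules/@mapbox/node-pre-gyp": { version: "1.0.7" },
    "node_modules/bcrypt/node_modules/@mapbox/node-pre-gyp": { version: "1.0.0" },
  },
};

// Parse the leading "x.y.z" of a version string (pre-release/build suffix ignored).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// True when version >= minimum, compared numerically field by field.
function atLeast(version, minimum) {
  const a = parseVersion(version);
  const b = parseVersion(minimum);
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] > b[i];
  }
  return true;
}

// Every installed copy of `name`: hoisted at the top level or nested under a parent.
function findInstalled(lock, name) {
  const suffix = `node_modules/${name}`;
  return Object.entries(lock.packages || {})
    .filter(([path]) => path === suffix || path.endsWith(`/${suffix}`))
    .map(([path, meta]) => ({ path, version: meta.version }));
}

// Copies still below the minimum, i.e. the ones a scanner will keep flagging.
function staleCopies(lock, name, minimum) {
  return findInstalled(lock, name).filter((p) => !atLeast(p.version, minimum));
}

for (const p of staleCopies(sampleLock, "@mapbox/node-pre-gyp", "1.0.7")) {
  console.log(`stale: ${p.path} -> ${p.version}`);
}
```

To run it against a real project, replace `sampleLock` with the parsed contents of the project's package-lock.json.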
@recrsn any update?
Are there any plans to release a new build? One of the dependencies, specifically `@mapbox/node-pre-gyp`, has been updated from 1.0.0 to 1.0.7 in the latest release vs the master branch, respectively. There's a number of security alerts that will get resolved in my projects, and I imagine for others as well, with a new release.