Open emilushi opened 6 years ago
@dewrox I have seen it, but bin-build has old version of decompress and download on its dependencies and they were using gulp-util.
The current version of download
being used ^6.2.2
also has a sub-dependency of tunnel-agent
, which contains a Memory Exposure
vulnerability.
download > caw > tunnel-agent
download < 11.8.5 also drags https://github.com/advisories/GHSA-pfrx-2q88-qq97
@kevva any updates on this?
is this project still maintained?
Please update dependencies
decompress
anddownload
to latest version because they requiregulp-util
which is depreciated.Thanks!