search

kevva / bin-build

Easily build binaries
MIT License
38 stars 13 forks source link

Out of date dependencies #16

Open emilushi opened 6 years ago

emilushi commented 6 years ago

Please update dependencies decompress and download to latest version because they require gulp-util which is depreciated.

Thanks!

dewrox commented 6 years ago

https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5

emilushi commented 6 years ago

@dewrox I have seen it, but bin-build has old version of decompress and download on its dependencies and they were using gulp-util.

pratomchaip commented 5 years ago

The current version of download being used ^6.2.2 also has a sub-dependency of tunnel-agent, which contains a Memory Exposure vulnerability. download > caw > tunnel-agent

https://nodesecurity.io/advisories/598

gonzalob commented 1 year ago

download < 11.8.5 also drags https://github.com/advisories/GHSA-pfrx-2q88-qq97

ansf commented 2 months ago

@kevva any updates on this?

is this project still maintained?