kevva / bin-wrapper

Binary wrapper that makes your programs seamlessly available as local dependencies
MIT License
152 stars, 66 forks

Bump download dependency #64

Closed sebek64 closed 6 years ago

sebek64 commented 6 years ago

The current version doesn't honor the strict-ssl option, causing a lot of trouble for users behind a proxy. For example, https://github.com/imagemin/optipng-bin/issues/74. The fix is in the 5 branch here https://github.com/kevva/download/commit/559a6f5d576a9f8e3e929f2ae83f19cd14379ad9, but this project uses version 4.
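How a postinstall downloader can honor the strict-ssl setting described in the comment above, as an added example (not code from bin-wrapper or download). It assumes npm exposes its config to lifecycle scripts as `npm_config_*` environment variables; the function names and the `cafile` handling are hypothetical additions, and the PEM strings are constructed.

```javascript
// Added example: derive TLS request options from npm's config environment.
// Assumption: npm passes config to scripts as npm_config_strict_ssl / npm_config_cafile.

// Split a PEM bundle into individual certificates; fail loudly on an empty bundle.
function splitPemBundle(text) {
  const certs = text.match(/-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g);
  if (!certs) throw new Error('no PEM certificates found');
  return certs;
}

// readFile is injectable so the logic can be exercised without touching disk.
function tlsOptionsFromNpmEnv(env = process.env,
                              readFile = (p) => require('fs').readFileSync(p, 'utf8')) {
  const options = { rejectUnauthorized: true }; // verify certificates by default
  const warnings = [];

  // Behind a TLS-inspecting proxy, trusting the proxy CA keeps verification on.
  // Note: in Node, `ca` replaces the default trust store rather than extending it.
  const cafile = env.npm_config_cafile;
  if (cafile) {
    try {
      options.ca = splitPemBundle(readFile(cafile));
    } catch (err) {
      warnings.push(`cafile ${cafile} could not be used: ${err.message}`);
    }
  }

  // Honor an explicit strict-ssl=false, but make the loss of verification visible.
  if (String(env.npm_config_strict_ssl).toLowerCase() === 'false') {
    options.rejectUnauthorized = false;
    warnings.push('strict-ssl=false: TLS certificates are NOT verified for this download');
  }
  return { options, warnings };
}

// Constructed sample input: a two-certificate bundle with placeholder bodies.
const SAMPLE_BUNDLE = [
  '-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQx\n-----END CERTIFICATE-----',
  '-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQy\n-----END CERTIFICATE-----',
].join('\n');

const demo = tlsOptionsFromNpmEnv(
  { npm_config_cafile: '/constructed/proxy-ca.pem', npm_config_strict_ssl: 'true' },
  () => SAMPLE_BUNDLE
);
console.log(demo.options.rejectUnauthorized, demo.options.ca.length, demo.warnings);
```

The returned `options` object can be merged into the options passed to `https.request`; the warnings are meant for the install log so that a download made without verification is easy to spot afterwards.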

alexander-akait commented 6 years ago

/cc @kevva is it possible to upgrade download to the latest version? It would also avoid the security problem when using npm audit

coreyfarrell commented 6 years ago

I just looked into upgrading to the latest download version. One test which downloads two tarballs and an uncompressed JS file shows a change in behaviour. In download@4 the 'extract' option meant 'try to extract'; for download@>=5 nothing is returned when the file is not compressed (no error or data is returned). I'm not sure if the solution is for download to fix its handling of decompress so it returns the original file if it's not compressed, or if the test should be updated to expect non-compressed files to fail.

jookshub commented 6 years ago

As mentioned in the reference, due to node version restrictions with got, there is a mismatch for the engines requirement: >=6 should be >=6 <=7, or got needs to be updated.

rejas commented 6 years ago

PR for this bump is in https://github.com/kevva/bin-wrapper/pull/65