kevva / download

Download and extract files
MIT License

High security vulnerability reported due to dependency on decompress #189

Closed medikoo closed 4 years ago

medikoo commented 4 years ago

As reported by npm audit:

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Arbitrary File Write                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ decompress                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ No patch available                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ download                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ download > decompress                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1217                            │
└───────────────┴──────────────────────────────────────────────────────────────┘

https://github.com/kevva/decompress/issues/71

Nikhilkapoor20 commented 4 years ago

@medikoo seems like the author is not active

ralf57 commented 4 years ago

@kevva please fix this ASAP

EvanHerman commented 4 years ago

Also encountering this issue.

jimmyandrade commented 4 years ago

Also encountering this issue:

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Arbitrary File Write                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ decompress                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ No patch available                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ netlify-cli                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ netlify-cli > gh-release-fetch > download > decompress       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1217                            │
└───────────────┴──────────────────────────────────────────────────────────────┘

shiftgeist commented 4 years ago

Alternative packages: https://www.npmjs.com/package/unzipper https://www.npmjs.com/package/adm-zip

cekvenich commented 4 years ago

Is there an ETA? Else I have to port to https://github.com/hgouveia/node-downloader-helper

jimmyandrade commented 4 years ago

Waiting for news... 😢

sindresorhus commented 4 years ago

Fixed: https://github.com/kevva/download/releases/tag/v8.0.0