security vulnerability dependabot alerts

[Byeong-jun-Kim]

node-forge ^0.10.0 version of ipfs-http-client ^49.0.4 is used in this project, and there are many security vulnerability alerts in this package version. Can you solve it through versioning?

[Byeong-jun-Kim]

Also there are many deprecated packages in dependencies of ipfs-http-client ^49.0.4. Please check it 🙏 @jimni1222

[jimni1222]

@Byeong-jun-Kim You can use caver-js v1.9.1-rc.1. Thanks

[Byeong-jun-Kim]

Thank you for your quick action! :)

[Byeong-jun-Kim]

There is one more deprecated package multihashes(moved on multiformats). If you have time, please check it

[jimni1222]

I don't think multihashes is deprecated. And also when i check with npm audit, i could not find anything related with that.

[Byeong-jun-Kim]

I don't know why that package on npm.com doesn't show any deprecated marks. However, if you go to github, the repository is archived, and if you read the readme of multiformats, there is information that the multihashes package is inherited.

• Also, multibase which is one of the dependencies of multihashes is marked as deprecated.

[jimni1222]

@Byeong-jun-Kim I modified to use multiforamts instead of multihashes. https://github.com/klaytn/caver-js/pull/699 Thank you for reporting.

[Byeong-jun-Kim]

Wow! Thankyou 👍

[jimni1222]

Wow! Thankyou 👍

caver-js v1.9.1-rc.2 is released, and you can use it.

[Byeong-jun-Kim]

Thank you so much

[nohkwak]

@Byeong-jun-Kim Caver-js is currently using the ipfs-http-client 57.0.3 version module, but there are compatibility issues when using it with React, so downgrading is being considered.

I can't check the information about the vulnerability as shown in the link below. https://security.snyk.io/package/npm/ipfs-http-client/versions?page=3 May I know what vulnerability was in ipfs-http-client 49.0.4?