Open x20mar opened 2 years ago
seconding this for resolving the security vulnerability
I'm fairly new to the koa-ecosystem and I'm looking around trying to find an static file package that is maintained and updated, everything I find is mostly forks and unmaintained for 4-8 years, including this one that is hosted on the official koajs org. The official website does not mention the word static
either, at least some hints on where to look would be nice. I get that the packages (modules) are fairly small and focused, but just keeping dependencies fresh and maintained goes a long way improving trust.
I'd rather not go back to Express (used on and off since it was released), so I'll just use this module and hopefully it will be updated soon.
@sondreb Hi,
I'm already working on an update koa-static
, I'll finish soon.
@etroynov good to know, here's hoping it happens :)
Hi @etroynov, Can I know whether there is an ETA for the new release that addresses the security vulnerability? 🙏
Describe the feature
Hey, I was wondering if we could get a new release, please? There is a security vulnerability in
koa-send
that was resolved in v5.0.1The security vulnerability https://github.com/advisories/GHSA-29xr-v42j-r956 was resolved by removing the
mz
package (see https://github.com/koajs/send/compare/5.0.0...v5.0.1)Thanks
Checklist