Open danielsitnik opened 1 year ago
I'm updating some today, although my time is stretched very thin lately. Version 3 is still somewhere on my bucket list, but I wouldn't want to get anyone's hopes up.
Thank you @joelgallant! It's been reduced to just a "high" vulnerability in node-fetch now.
Could you `yarn why node-fetch`? I believe this is from quicktype-core -> isomorphic-fetch, which we can't update w/o a breaking change. We don't use the XHR request part of that lib anyways, so it should be safe.
Yep, it comes from quicktype-core:
Hi guys, it's me again. 😄 I've been using app-config for some time now and it's been working great.
However, I can't help but notice that the current version has a number of high and critical vulnerabilities:
As I'm working in a corporate environment, our applications are subject to vulnerability scanning and our security guys will start questioning me about these issues very soon. 😁
I'd like to ask if you can look into it and maybe fix the vulnerable versions in a 2.8.7 release?
Also, is there any news on when we can expect the new version 3? I'm really hopeful for the more modular approach that should be introduced in it.
Thanks!