Closed kareniel closed 6 years ago
This pr updates the dependency on protocol-buffers to ^4.0.2
protocol-buffers
The newest protocol-buffers version doesn't depend on brfs@1.43, which ultimately depends on a vulnerable version of static-eval (@0.2.4) .
brfs@1.43
static-eval
ps: There's also a pr on brfs to update it's dependencies.
brfs
full depencency graph: hyperdb@2.0.0 › protocol-buffers@3.2.1 › brfs@1.4.3 › static-module@1.5.0 › static-eval@0.2.4
hyperdb@2.0.0 › protocol-buffers@3.2.1 › brfs@1.4.3 › static-module@1.5.0 › static-eval@0.2.4
@kareniel the tests for the brfs patch are failing, probably need a bit of tweaking (:
@kareniel merged & published!
Thanks! hyperdb@2.0.1
hyperdb@2.0.1
This pr updates the dependency on
protocol-buffers
to ^4.0.2The newest
protocol-buffers
version doesn't depend onbrfs@1.43
, which ultimately depends on a vulnerable version ofstatic-eval
(@0.2.4) .ps: There's also a pr on
brfs
to update it's dependencies.full depencency graph:
hyperdb@2.0.0 › protocol-buffers@3.2.1 › brfs@1.4.3 › static-module@1.5.0 › static-eval@0.2.4