Closed rejas closed 1 year ago
maoberlehner
commented
1 year ago The project is use as is and I don't work on it. PRs are welcome.
I merged all the security related pull requests. I can see that it is frustrating for people seing problems in their security audits. Yet if you use this tool for what it is supposed to (as a build tool, not running on your server) the vulerabilities of dependencies of this package do not matter 🤷♂️
maoberlehner
commented
1 year ago (fyi as somebody with ~216 repositories on GitHub I get notification emails for those PRs all.the.time.)
rejas
commented
1 year ago Thanks for the quick response and action.
(fyi as somebody with ~216 repositories on GitHub I get notification emails for those PRs all.the.time.)
I totally understand that and wish the security warnings would be more meaningful / appropiate but oh well...
I assume new releases will appear shortly on npm?
rejas
commented
1 year ago Sorry if I sound too pushy @maoberlehner but could you release 5.3.4 on npm (if you got the time)?
Since this repo doesnt seem to get any updates I wanted to ask if you need help maintaining it (or at least getting the security PRs merged)? Or what is your stance on this project? Are there any alternatives which I didn't find? Thanks in advance