Closed thekumar closed 2 years ago
Hello! When can we merge this PR? It addresses a vulnerability issue.
Hey @springmeyer, could you please review, merge this PR and release a new version to fix the sec vul?
Apologies for the wait here - I was on parental leave and we (mapbox) missed coverage of this library while I was away. So, I'll be getting a v1.0.6 release out with this fix included (landed in https://github.com/mapbox/node-pre-gyp/commit/3aadedf63f91062d717430ef23a9d3ada81803ee) and I'll be needing to find other potential maintainers for this library for the future (if anyone is interested please email me at dane@mapbox.com).
Done now in v1.0.6 per https://github.com/mapbox/node-pre-gyp/issues/597#issuecomment-948936462
Upgrade tar dependency to v.6.1.6 to mitigate the following security issues fixed in 6.1.1 and 6.1.2.
https://www.npmjs.com/advisories/1770 https://www.npmjs.com/advisories/1771