Closed AkiraMiyakoda closed 1 year ago
It looks like the package is a bit slow to update its dependencies, so maybe semi-automated dependency updates via Dependabot or a similar mechanism can help here. That's why I opened a PR that adds a Dependabot configuration (https://github.com/mapbox/node-pre-gyp/pull/688).
@striezel very slow. Last version was in September, seems completely abandoned ever since (issues/PRs get no response). I'm looking to remove it from node-argon2
> seems completely abandoned ever since (issues/PRs get no response).
That is sad. :( If the repository is abandoned, then moving away from it seems to be the right action. However, I'm hoping that somebody @mapbox will pick this up and get the issues fixed and PRs merged and publish a new version to NPM, because not everyone might be able to completely remove @mapbox/node-pre-gyp from package dependencies.
Team, any update on the semver vulnerability fix: CVE-2022-25883?
Hey all, apologies for the delays. Will get this patched soon.
@axrj can you please share the issue ID link for the fix, where we can trace the same for the feature release?
Hi developers,
Currently, this package receives a vulnerability warning concerning CVE-2022-25883 reported a few days ago. This package depends on `make-dir`, which has been updated in order to fix that warning. So I think that `node-pre-gyp` should be updated to depend on the new version of `make-dir`.
Here is what I received: