search

max-mapper / extract-zip

Zip extraction written in pure JavaScript. Extracts a zip into a directory.
BSD 2-Clause "Simplified" License
391 stars 127 forks source link

Upgrade concat-stream to 1.6.2 to avoid security vulnerability in Buffer usage #70

Closed kozmic closed 6 years ago

kozmic commented 6 years ago

Hi,

Could concat-stream be upgraded to 1.6.2, 1.6.0 has a vulnerability in how Buffer is used (fixed in 1.6.2 by this commit https://github.com/maxogden/concat-stream/commit/b198e8d9d437198990ae7740b70e9838bb45fd54)?