Closed jankapunkt closed 2 years ago
TheRealNate
commented
2 years ago Hey @jankapunkt,
Sorry for the delay in replying. I agree that forking and maintaing a copy of minimongo-cache is the best way to do it. Would you be interested in taking this on? If so I'll fork the package to https://github.com/meteorrn/minimongo and setup @meteorrn/minimongo on NPM and give you collaborator status on the GitHub repo.
jankapunkt
commented
2 years ago Hi thank you I would work on this definitely since our project relies on it and we won't pass the audit with its current state
TheRealNate
commented
2 years ago I've forked the package to https://github.com/meteorrn/minimongo-cache. The only thing I noticed is that there appear to be three commits after the version that this package currently uses. They seem pretty small to me but let me know if you disagree. I've given you write access to the repository. I'm in the process of setting up GitHub Actions to auto-publish the package when a new release is created (should have that done within a day or so). I'm going to close the issue here, I think we should continue the conversation on the new repo.
Is your feature request related to a problem? Please describe.
The
minimongo-cachepackage is not maintained since ages and also the reason for my audit nagging about critical vlnbl regarding. Since it is not maintained since 5 years and even an issue from 2019 regarding high vulnbl is not resolved I think it should be forked.Describe the solution you'd like
Fork the minimongo package to keep it updated or at least give it security updates
Describe alternatives you've considered