microsoft / tfs-cli

Cross-platform CLI for Microsoft Team Foundation Server and Visual Studio Team Services
MIT License
372 stars, 132 forks

Can you upgrade jszip to the latest version? #331

Open VAllens opened 5 years ago

VAllens commented 5 years ago

Can you upgrade jszip to the latest version?

jszip v3.2.2 removed the core-js@~2.3.0 dependency, and the deprecation warning disappeared: "core-js@<2.6.8 is no longer maintained. Please, upgrade to core-js@3 or at least to actual version of core-js@2."

Even if I force-upgrade jszip and core-js to the latest version, I can't eliminate this warning!!! Every time npm install outputs the core-js warning in the terminal, I'm annoyed!!!! (;′⌒`)

holc-tkomp commented 3 years ago

jszip < 3.7.0 also contains the following vulnerability (CVE-2021-23413):

Moderate        Prototype Pollution
Package         jszip
Patched in      >=3.7.0
Dependency of   tfx-cli [dev]
Path            tfx-cli > jszip
More info       https://npmjs.com/advisories/1774