monaca / monaca-lib

npm package for handling Monaca cloud API and local debugging API
http://monaca.io
Other
14 stars 11 forks source link

Any plans to upgrade vulnerable dependencies? #163

Open nexjhealth opened 1 year ago

nexjhealth commented 1 year ago

Hi there,

Do you have any plan to merge the following PRs in a near future: #162, #160, #157 and #156 The adbkit dependency shold also be changed to use @devicefarmer/adbkit since OpenSTF no longer maintains this project (https://github.com/openstf/adbkit/issues/132). And bumping adbkit to @devicefarmer/adbkit 3.2.3 would also fix a bunch of node-forge vulnerabilities (https://github.com/advisories/GHSA-x4jg-mjrx-434g, https://github.com/advisories/GHSA-cfm4-qjh2-4765, https://github.com/advisories/GHSA-92xj-mqp7-vmcj, https://github.com/advisories/GHSA-2r2c-g63r-vccr, https://github.com/advisories/GHSA-8fr3-hfg3-gpgp, https://github.com/advisories/GHSA-5rrq-pxf6-6jx5, https://github.com/advisories/GHSA-wxgw-qj99-44c2 and https://github.com/advisories/GHSA-gf8q-jrpm-jvxq).

Or maybe monaca-lib isn't affected by these vulnerabilities?

Thank you