neumino / thinky

JavaScript ORM for RethinkDB
http://justonepixel.com/thinky/

fix(security): updating vulnerable validator package #631

Closed lirantal closed 7 years ago

lirantal commented 7 years ago

The validator package has an XSS vulnerability, and we're using a very old version. Instead of making it a possible breaking change for the current version (8.x), I updated to the nearest version where the security vulnerability has been fixed: 3.34.0

You can read more here: https://snyk.io/vuln/npm:validator:20150313 Since this is a security update, a quick response would be appreciated.

lirantal commented 7 years ago

Thanks. You also need to release a new version to npm so we can install the latest without the security vulnerability.

lirantal commented 7 years ago

@grantcarthew ^

grantcarthew commented 7 years ago

Can't do, mate. That's for @neumino.

lirantal commented 7 years ago

Gotcha. I'll patiently wait then :-)

neumino commented 7 years ago

@grantcarthew - what's your npm user name? I can give you write access

neumino commented 7 years ago

Published 2.3.9 for now.

grantcarthew commented 7 years ago

Same as here mate: grantcarthew https://www.npmjs.com/~grantcarthew

neumino commented 7 years ago

Oki,

@grantcarthew, if I didn't screw up, you should be able to release an npm package now. Ping me if you can't release one next time.

grantcarthew commented 7 years ago

Is there a release procedure, @neumino?