search

nfroidure / ttf2woff2

Convert ttf files to woff2.
MIT License
303 stars 40 forks source link

npm audit - HIGH - Arbitrary File Overwrite #48

Closed webjohan closed 3 years ago

webjohan commented 5 years ago

Sub dependency of node-gyp "node-gyp": "^3.7.0" package tar has a High warning for dependency (tar) in npm audit.

npm audit security report High : Arbitrary File Overwrite Package : tar Path: (* >) ttf2woff2 > node-gyp > tar

Finesse commented 5 years ago

The 4.0.0 version of node-gyp was released recently and it fixes the audit issue

andersk commented 3 years ago

ttf2woff2@4.0.0 now depends node-gyp@^7.1.2, so this can be closed.