Protect users from high risk vulnerability with a new release version

pouchdb-community / pouchdb-authentication

User authentication plugin for PouchDB and CouchDB.

Apache License 2.0

777 stars 117 forks source link

Protect users from high risk vulnerability with a new release version #256

Open silverbackdan opened 5 years ago

silverbackdan commented 5 years ago

The patches applied in October / November last year could do with being released to prevent a high risk vulnerability in url-parse and so we are able to upgrade without rebuilding the package in our own fork. Would it be possible to make a new release?

assemblethis commented 5 years ago

Yes, please, a new release.

My workaround at the moment is to include the latest in package.json as:

"pouchdb-authentication": "github:pouchdb-community/pouchdb-authentication",

MentalGear commented 4 years ago

I agree, a new release would make sense and protect users of this package.