Update insecure adm-zip's version

seishun / node-steam

Interface directly with Steam servers from Node.js

MIT License

1k stars 180 forks source link

Update insecure adm-zip's version #448

Closed hong4rc closed 5 years ago

hong4rc commented 5 years ago

Update adm-zip. ^0.4 is insecure.

seishun commented 5 years ago

^0.4 will install 0.4.13 anyway, so it this really a problem? Plus the vulnerability in old versions doesn't affect node-steam anyway, since it doesn't extract to disk.