Closed jcharaoui closed 5 years ago
flatmap-stream is no longer accessible so building XOA from source is also broken.
gulp-refresh
and gulp-embedlr
seems to be the only packages using these two.
Might want to nix live-reloading until an alternative is found, or NPM allows flatmap-stream
back because it was fixed.
EDIT:
It seems a number of packages have fixed their dependencies in the frenzy, so the offending flatmap-stream
package is no longer included.
@Findarato Deleting the yarn.lock
that was pulled from the repo and regenerating it with yarn
fixed the issue. flatmap-stream
is no longer included in the install.
Seems that all the @julien-f or one of the other maintainers would have to do.
Thanks for your report, I've updated the dependencies, flatmap-stream
is no longer used!
As noted, this dependency was only used in development, no need to cut a release for this.
According to multiple reports, some malware code was introduced in two popular Node.js libraries
event-stream
andflatmap-stream
, both of which are used (directly or indirectly) in Xen Orchestra.Please investigate and determine if Xen Orchestra users are vulnerable to this malware and if so, how to identify and correct the problem.
Thanks!