Request for New Release of npm-check #576
Comments
|
Dear @dylang Thank you for your continuous efforts to maintain the npm-check package. It's a crucial tool in our development workflow, and we appreciate your efforts in keeping it up-to-date. We noticed that renovate[bot] has made a number of updates to the dependencies of npm-check. However, because there hasn't been a new release of npm-check for some time, these changes are not reflected in the npmjs registry. This has caused some difficulties in our development environment when fetching the dependencies via npm install. To solve this problem, we kindly request for a new release of npm-check on the npmjs registry to include the updated dependencies. Thank you for your understanding and support. We are looking forward to the new release. Best Regards, |
CharlesCai01
changed the title
Hi, I found that npm-check@6.0.1 uses package-json@6.5.0 which will introduce a vulnerable library got@9.6.0. But this vulnerability has already been fixed in the master branch of npm-check.
Could you publish a version of npm-check to fix related issue?
The version of got library that npm-check depends now.
The package.json of Master branch
The package.json of v6.0.1 tag
The below is information about the vulnerability that got@9.6.0 has.
BDSA-2022-3763 3.8 Low
CVE-2022-33987 5.3 Medium https://nvd.nist.gov/vuln/detail/CVE-2022-33987
The text was updated successfully, but these errors were encountered: