-
Notifications
You must be signed in to change notification settings - Fork 259
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Vulnerability warning due to make-dir version #685
Comments
It looks like the package is a bit slow to update its dependencies, so maybe semi-automated dependency updates via Dependabot or a similar mechanism can help here. That's why I opened a PR that adds a Dependabot configuration (#688). |
@striezel very slow. Last version was in September, seems completely abandoned ever since (issues/PRs get no response). I'm looking to remove it from node-argon2 |
That is sad. :( |
Team any update on semver vulnerablility fix : CVE-2022-25883 |
Hey all, apologies for the delays. Will get this patched soon. |
@axrj can you please share the issue ID link for the fix, where we can trace the same for the feature release. |
|
Hi developers,
Currently, this package receives a vulnerability warning concerning CVE-2022-25883 reported a few days ago.
This package depends on
make-dir
which has been updated in order to fix that warning. So I think thatnode-pre-gyp
should be updated to depend on the new version ofmake-dir
.Here is what I received:
The text was updated successfully, but these errors were encountered: