-
Notifications
You must be signed in to change notification settings - Fork 155
New issue
Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? # to your account
chore: update dependency #285
base: master
Are you sure you want to change the base?
Conversation
Should fix the vulnerability, see the installation message:
|
Chatted with @raymondfeng , the best solution would be a new release of https://github.com/1and1/oneandone-cloudserver-sdk-nodejs I contacted the author in 1and1/oneandone-cloudserver-sdk-nodejs#21 (comment), will wait and see if we can use the new release. |
Hey all, I really appreciate all the work that has gone into this package to make Strongloop/Loopback a viable framework. I'm hoping that this can be merged in sometime soon as I continue to get Again, I appreciate all the work! Thanks in advance. |
Waiting for this update too. |
To those who are concerned, we did the analysis and concluded that the reported vulnerability was transitively from an older version of mocha. No runtime code uses that dependency and it's safe even though a warning is issued by We understand the alerts are annoying. We have tried to get it fixed by upstream modules but no success so far. It's a bit frustrating. We'll see if we have to fork the offending modules and release them under new names. |
@raymondfeng I'd like some help with #237 Not sure if I should open a new one. |
Hey all, I really appreciate all the work, Waiting for this update too. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
Is there any update on this? I know that the dependency is not being used, but, the |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
Is there any update on this? |
Any update on this issue? |
Hey, any update on this issue? |
Is there any update on this story? |
Just checked the comment @jannyHou posted above: 1and1/oneandone-cloudserver-sdk-nodejs#21 (comment), there's no progress from there. In the meanwhile, please take a look at @raymondfeng's comment:
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
Update the dependencies:
Solution is from ppproxy@1ab25b6
The vulnerability package path is:
loopback-component-storage@3.6.3 › pkgcloud@2.2.0 › liboneandone@1.2.0 › mocha@2.5.3 › growl@1.9.2
While
liboneandone
is not maintained anymore, more discussion see pkgcloud/pkgcloud#644, pkgcloud/pkgcloud#675, pkgcloud/pkgcloud#671