Latest release uses vulnerable yargs-parser #302
Comments
|
Yep, seems this was resolved here: #195 Any chance of a new release with the fix @jimmyandrade 🙏 |
jimmyandrade
added
dependencies
|
@chrisdjali-wrld3d thanks for sharing and reminding us of this issue. @iainbethune thanks for asking. I still can't release a new version by myself, because I don't have NPM publishing tokens yet, I need help from @evilebottnawi. @alexander-akait could you help us with this? |
|
Just wondering if there is any update on getting a new release out @jimmyandrade @alexander-akait? |
|
@iainbethune I still can't release a new version by myself 😢 @alexander-akait could you give me permissions for publishing |
|
@jimmyandrade can you give me your npm account? |
|
Sorry for delay, there are a lot of issues (over 200-300 every day) |
@alexander-akait Of course! It's
Wow! I had no idea. I hope that with these publishing permissions I will help you to decrease at least some of these requests here 😊 |
|
I really hate |
|
@jimmyandrade now you can publish https://www.npmjs.com/package/webfont, don't forget to enable 2FA to security |
|
Just got an automated note about this from github today... are we any closer to getting a new release out @jimmyandrade? P.S. Thanks for both of you guys spending your time solving this :) |
ghost
mentioned this issue
|
just wondering if the new release is going to be published soon addressing this issue? cheers. |
I have great news! Now I can publish packages, so Webfont 10 was released yesterday with many dependency upgrades. (It's a breaking change because we removed support to legacy Node versions). Could you please try v10.0.0? Thanks! |
|
Looks like this has been resolved now, so I'm closing it. |
The 9.0.0 release depends on
yargs-parser^10.0.0viameow^5.0.0. It looks like this has been resolved on the master branch, but no release has happened since then. This means that users of the NPM package will failnpm audit.The text was updated successfully, but these errors were encountered: