Update node-pre-gyp to fix security issues #606
Conversation
|
@crutchcorn broken on Node 6? |
|
Well that's not ideal @fluxsauce . It seems that it's running |
|
Any updates on this? The PR shows that the major of this package is going to update to 3, so why not merge this with a Node 7 requirement. And then figure out a solution for the older major? |
|
@crutchcorn Why are the node 4 and node 5 builds working then? And why is only the MacOS build failing? If it's only because of https://travis-ci.org/kelektiv/node.bcrypt.js/builds/376661218 |
|
@lahdekorpi It will not be possible to just drop a supported LTS release. Although the issue is rated as moderate, it is rated as low for us, as we do not use the module in run-time. Even the module is not invoked while installing from npm. |
| @@ -11,10 +11,10 @@ | |||
| "crypto" | |||
| ], | |||
| "main": "./bcrypt", | |||
| "version": "2.0.1", | |||
| "version": "3.0.0", | |||
There was a problem hiding this comment.
Please do not make this increment. We will release with a CHANGELOG and the increment is done as the part of it.
|
The tests on Travis are all passing, so if the review item to revert the version change gets done, will this item be good to merge? |
|
I'll cut a release on Sunday |
|
@agathver Please publish on npm. |
|
@agathver sorry for the ping, any update on when this will publish on npm? |
Because
node-pre-gypv0.9.1has a dependency that opens security issues, I updated the version to0.10.0in order to fix this. I've ran tests and they all passed perfectly fine. That being said, I had to bump the version of Node supported to6rather than4(aspre-gypdrops support for4due to EOL upcoming) and thusly updated the major version of the package to3.0.0rather than2.0.2or2.1.0because of how semver works.Either way, not a massive change.
Fixes #604