
Fix vulnerable dependencies

Open MaKleSoft opened this issue 3 years ago • 5 comments

We're currently seeing 24 vulnerabilities (12 with severity "high") in our Tauri package, all of which are coming from @tauri-apps/tauricon. I know dealing with npm audit warnings is annoying, but for a tool focused on security, I think it's important to make sure your deps are clean. I hope we can expect a fix soon? Thanks!

MaKleSoft avatar Jun 22 '22 12:06 MaKleSoft

Thanks @MaKleSoft - just remember that @tauri-apps/tauricon is a devDep, but your point is well taken.

nothingismagick avatar Jun 22 '22 12:06 nothingismagick

@nothingismagick Yeah, I'm aware, but it's something that was pointed out to us during our audit. And it generally just doesn't look good to have a lot of npm audit warnings, regardless of whether they actually have any impact.

MaKleSoft avatar Jun 22 '22 12:06 MaKleSoft

I totally agree! Please see this PR https://github.com/tauri-apps/tauricon/pull/63

nothingismagick avatar Jun 22 '22 12:06 nothingismagick

Yeah, this issue is really not solvable without the Rust rewrite; basically every Node package we need to make this work is unmaintained...

FabianLars avatar Jun 22 '22 15:06 FabianLars

exactly

nothingismagick avatar Jun 22 '22 15:06 nothingismagick