node-slug icon indicating copy to clipboard operation
node-slug copied to clipboard

Published 20 hours ago verified publisher icon dodo

PR: Fix issue #82

Open vvanmol opened this issue 7 years ago • 16 comments

This PR includes a possible fix for Issue #82.

Please accept the merge if you agree, otherwise let me know how would you see this fixed.

Regards

vvanmol avatar Jan 29 '18 09:01 vvanmol

Any news on this?

silvae86 avatar Feb 28 '18 17:02 silvae86

If this is a fix for the security problem, it would be great to have this merged ... and a new version published to npm

pkyeck avatar Mar 12 '18 17:03 pkyeck

I never got any answer to the PR...

vvanmol avatar Mar 12 '18 21:03 vvanmol

Almost 2 months later bump.

https://nodesecurity.io/advisories/537

This package is looking a bit stale.

gcphost avatar May 11 '18 17:05 gcphost

@dodo Any chance of this being merged?

woodyrew avatar May 15 '18 09:05 woodyrew

@woodyrew
Slugify is still active. https://www.npmjs.com/package/slugify

gcphost avatar May 15 '18 16:05 gcphost

Still waiting... :(

hawkeye64 avatar Jun 27 '18 19:06 hawkeye64

Last commit/publish was 3 years ago and the main maintainer does not seem to be very active on GitHub currently :confused: I'm afraid some people have to pick alternatives like https://www.npmjs.com/package/slugify or https://www.npmjs.com/package/mollusc (active fork of this package) until this gets fixed.

Ilshidur avatar Jun 28 '18 08:06 Ilshidur

Ironically, node-slug seems like it's owner: dead like a @dodo

woodyrew avatar Jun 28 '18 10:06 woodyrew

@dodo , please merge or nominate a maintainer

StoneCypher avatar Sep 30 '18 18:09 StoneCypher

0.9.2 has been published with this issue fixed. https://www.npmjs.com/package/slug/v/0.9.2

@vvanmol Can you close this?

Trott avatar Oct 25 '18 05:10 Trott

@Trott The changes haven't been pushed to this repo. Version is still 0.9.1 in package.json

woodyrew avatar Oct 25 '18 10:10 woodyrew

Hi @Trott As mentioned by @woodyrew the new release is not part of this repository, I don't see my PR merged here... Did you take ownership of the repository somewhere else ?

vvanmol avatar Oct 25 '18 13:10 vvanmol

@Trott The changes haven't been pushed to this repo. Version is still 0.9.1 in package.json

@woodyrew That's because I don't have write access to this repo. I do have access to publish the module on npm though, so I did the update in my own fork and published that to npm as 0.9.2. @dodo seems to be unreachable, but if they ever pop up again, I'm more than happy to turn anything and everything back over to them (or not--whatever they want). But until then... that's the situation.

I have a question in to a GitHub employee about whether GitHub has a process for this kind of situation that would allow me to get write access to this repo.

Trott avatar Oct 25 '18 17:10 Trott