
Indirect dependency trim-newlines <3.0.1 reported high severity vulnerability

Open jgomesmv opened this issue 2 years ago • 4 comments

Installed Version: 1.7.0

NPM Version: 8.5.5

Dependency Tree: nps-utils > cpy-cli > meow > trim-newlines


jgomesmv avatar Nov 04 '22 16:11 jgomesmv

More info: The copy and open commands are affected (copy uses cpy-cli and open uses opn-cli)

  • cpy-cli is three major versions behind (referenced: 1.0.1, current: 4.2.0)
  • opn-cli has been deprecated and renamed to open-cli. The current version is 7.2.0.

Since nps-utils doesn't do anything other than pass the arguments directly to the binaries, this should be an easy change to upgrade to the new versions.

justinhelmer avatar Dec 16 '22 16:12 justinhelmer

It seems we have two PRs open to update dependencies: https://github.com/kentcdodds/nps-utils/pull/46 https://github.com/kentcdodds/nps-utils/pull/34

Can one of the contributors take a look? @wmertens @huy-nguyen @mikecann @gunnx @erikras @jemhuntr

Cheers!

jgomesmv avatar Dec 16 '22 16:12 jgomesmv

Are there any updates?

Ido-Levi avatar Jan 16 '23 10:01 Ido-Levi

JFYI I ended up moving away from this package and just using concurrently for my nps util needs because it doesn't seem to be actively maintained.

justinhelmer avatar Jan 30 '23 16:01 justinhelmer
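
To confirm in your own project which dependency chain pulls in a trim-newlines below 3.0.1, as in the tree reported in this issue, the lockfile can be walked directly. This is an added example, not code from the thread or from nps-utils; the lockfile excerpt is constructed, and the function names, the meow and trim-newlines versions and the version ranges are assumptions.

```javascript
// Constructed package-lock.json excerpt (lockfileVersion 2, the format npm 8 writes).
// nps-utils 1.7.0 and cpy-cli 1.0.1 come from the issue; the meow and
// trim-newlines versions and all ranges are made up for this example.
const sampleLock = { packages: {
  '': { dependencies: { 'nps-utils': '^1.7.0' } },
  'node_modules/nps-utils': { version: '1.7.0', dependencies: { 'cpy-cli': '^1.0.1' } },
  'node_modules/cpy-cli': { version: '1.0.1', dependencies: { meow: '^3.0.0' } },
  'node_modules/meow': { version: '3.0.0', dependencies: { 'trim-newlines': '^1.0.0' } },
  'node_modules/trim-newlines': { version: '1.0.0' },
} };

// True when a plain x.y.z version is lower than the fixed one (pre-release tags ignored).
function isBelow(version, fixed) {
  const a = version.split('.').map(n => parseInt(n, 10));
  const b = fixed.split('.').map(n => parseInt(n, 10));
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i];
  return false;
}

// Node-style resolution: nearest node_modules/<name>, walking up from the dependent.
function resolveDep(pkgs, fromPath, name) {
  for (let base = fromPath; ; ) {
    const candidate = (base ? base + '/' : '') + 'node_modules/' + name;
    if (pkgs[candidate]) return candidate;
    if (!base) return null;
    const i = base.lastIndexOf('/node_modules/');
    base = i === -1 ? '' : base.slice(0, i);
  }
}

// Breadth-first walk from the root project; one (shortest) chain per installed copy.
function findVulnerableChains(lock, name, fixed) {
  const pkgs = lock.packages, seen = new Set(['']), findings = [];
  const queue = [{ path: '', chain: [] }];
  while (queue.length) {
    const { path, chain } = queue.shift();
    const e = pkgs[path];
    const deps = { ...e.dependencies, ...e.optionalDependencies, ...(path ? {} : e.devDependencies) };
    for (const dep of Object.keys(deps)) {
      const hit = resolveDep(pkgs, path, dep);
      if (!hit || seen.has(hit)) continue; // not installed, or already visited
      seen.add(hit);
      const next = [...chain, `${dep}@${pkgs[hit].version}`];
      if (dep === name && isBelow(pkgs[hit].version, fixed)) findings.push({ path: hit, chain: next.join(' > ') });
      queue.push({ path: hit, chain: next });
    }
  }
  return findings;
}

console.log(findVulnerableChains(sampleLock, 'trim-newlines', '3.0.1'));
```

Against a real project, pass the parsed contents of `package-lock.json` instead of `sampleLock`; each finding names the installed path and the chain of packages that leads to it.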