bin-build icon indicating copy to clipboard operation
bin-build copied to clipboard
verified publisher icon kevva

Out of date dependencies

Open emilushi opened this issue 7 years ago • 5 comments

Please update dependencies decompress and download to latest version because they require gulp-util which is depreciated.

Thanks!

emilushi avatar Aug 20 '18 12:08 emilushi

https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5

dewrox avatar Aug 22 '18 05:08 dewrox

@dewrox I have seen it, but bin-build has old version of decompress and download on its dependencies and they were using gulp-util.

emilushi avatar Aug 22 '18 16:08 emilushi

The current version of download being used ^6.2.2 also has a sub-dependency of tunnel-agent, which contains a Memory Exposure vulnerability. download > caw > tunnel-agent

https://nodesecurity.io/advisories/598

pratomchaip avatar Oct 04 '18 10:10 pratomchaip

download < 11.8.5 also drags https://github.com/advisories/GHSA-pfrx-2q88-qq97

gonzalob avatar May 18 '23 18:05 gonzalob