static icon indicating copy to clipboard operation
static copied to clipboard

Published 20 hours ago verified publisher icon koajs

[feat] New Release

Open x20mar opened this issue 2 years ago • 5 comments

Describe the feature

Hey, I was wondering if we could get a new release, please? There is a security vulnerability in koa-send that was resolved in v5.0.1

The security vulnerability https://github.com/advisories/GHSA-29xr-v42j-r956 was resolved by removing the mz package (see https://github.com/koajs/send/compare/5.0.0...v5.0.1)

Thanks

Checklist

  • [x] I have searched through GitHub issues for similar issues.
  • [x] I have completely read through the README and documentation.

x20mar avatar Aug 23 '22 11:08 x20mar

seconding this for resolving the security vulnerability

mauricio-molina avatar Sep 23 '22 19:09 mauricio-molina

I'm fairly new to the koa-ecosystem and I'm looking around trying to find an static file package that is maintained and updated, everything I find is mostly forks and unmaintained for 4-8 years, including this one that is hosted on the official koajs org. The official website does not mention the word static either, at least some hints on where to look would be nice. I get that the packages (modules) are fairly small and focused, but just keeping dependencies fresh and maintained goes a long way improving trust.

I'd rather not go back to Express (used on and off since it was released), so I'll just use this module and hopefully it will be updated soon.

sondreb avatar Dec 10 '22 01:12 sondreb

@sondreb Hi,

I'm already working on an update koa-static, I'll finish soon.

etroynov avatar Sep 05 '23 13:09 etroynov

@etroynov good to know, here's hoping it happens :)

iambumblehead avatar Oct 04 '23 21:10 iambumblehead

Hi @etroynov, Can I know whether there is an ETA for the new release that addresses the security vulnerability? 🙏

fogmoon avatar May 21 '24 10:05 fogmoon