Caporal.js icon indicating copy to clipboard operation
Caporal.js copied to clipboard

Published 20 hours ago verified publisher icon mattallty

Create a new stable version

Open VasiliDarozhkin opened this issue 3 years ago • 4 comments
trafficstars

Hello!

Could you please create a new stable version?

Version 2.0.2 that is the most recent stable version doesn't have some changes, for example - updated lodash version

Thank you!

VasiliDarozhkin avatar Feb 23 '22 17:02 VasiliDarozhkin

@mattallty Would that be possible? Thank you!

VasiliDarozhkin avatar Mar 03 '22 17:03 VasiliDarozhkin

Caporal released on npm has become a significant security risk, through its dependencies. snyk test reports many high sev issues in lodash, chalk, ansi-regex... maybe others.

We do need a new build, please, with updated dependencies.

Additionally, please consider using ^ in the semver for the dependencies, so that you won't need to kick out a new build every time they discover a vulnerability in one of the dependencies.

Thank you for Caporal!

hwinkler avatar Mar 17 '22 21:03 hwinkler

Same issue with us as well, any chance we get a new version? Thanks!

waheedahmed avatar Apr 07 '22 06:04 waheedahmed

I'm working on it - CI is currently broken so that's a blocker but I'm gonna spend some time to fix it this weekend

mattallty avatar Apr 07 '22 06:04 mattallty

@VasiliDarozhkin @hwinkler if you still use this package, please try installing @caporal/core@next and tell me if it's working well for you, thanks !

mattallty avatar Aug 27 '23 13:08 mattallty

3.0 has been released with updated deps: https://www.npmjs.com/package/@caporal/core

mattallty avatar Aug 28 '23 11:08 mattallty