
Security issue `json-schema`

Open dalisoft opened this issue 2 years ago • 4 comments

Hello @nickmerwin and node-coveralls team

Thank you a lot for maintaining this great package. I got a notification that json-schema is vulnerable, and when running yarn why json-schema I found this result

yarn why v1.22.17
[1/4] 🤔  Why do we have the module "json-schema"...?
[2/4] 🚚  Initialising dependency graph...
[3/4] 🔍  Finding dependency...
[4/4] 🚡  Calculating file sizes...
=> Found "[email protected]"
info Reasons this module exists
   - "coveralls#request#http-signature#jsprim" depends on it
   - Hoisted from "coveralls#request#http-signature#jsprim#json-schema"
info Disk size without dependencies: "256KB"
info Disk size with unique dependencies: "256KB"
info Disk size with transitive dependencies: "256KB"
info Number of shared dependencies: 0
✨  Done in 0.39s.

Can we somehow fix this?

dalisoft avatar Feb 26 '22 16:02 dalisoft
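One way to turn the `yarn why` output above into the list of direct dependencies that would have to be upgraded, replaced or overridden to get rid of the transitive module. This is an added example, not code from node-coveralls; the sample input is constructed from the report above, with the version on the Found line replaced by a placeholder because the report does not show it.

```python
import re

# Constructed sample: the `yarn why json-schema` output quoted in the issue
# (progress emoji dropped). The version is a placeholder, not a real value.
YARN_WHY_OUTPUT = """\
yarn why v1.22.17
[1/4] Why do we have the module "json-schema"...?
[2/4] Initialising dependency graph...
[3/4] Finding dependency...
[4/4] Calculating file sizes...
=> Found "json-schema@0.0.0-placeholder"
info Reasons this module exists
   - "coveralls#request#http-signature#jsprim" depends on it
   - Hoisted from "coveralls#request#http-signature#jsprim#json-schema"
info Disk size without dependencies: "256KB"
info Number of shared dependencies: 0
Done in 0.39s.
"""

FOUND_RE = re.compile(r'^=> Found "(.+)@([^@"]+)"$')
DEPENDS_RE = re.compile(r'^\s*-\s+"([^"]+)"\s+depends on it')
HOISTED_RE = re.compile(r'^\s*-\s+Hoisted from\s+"([^"]+)"')

def parse_yarn_why(text):
    """Return ((name, version), chains): the module yarn found and every
    distinct dependency chain (top-level package first) that pulls it in.
    A chain that ends in the module itself has that last hop removed."""
    found, chains = None, []
    for line in text.splitlines():
        m = FOUND_RE.match(line)
        if m:
            found = (m.group(1), m.group(2))
            continue
        m = DEPENDS_RE.match(line) or HOISTED_RE.match(line)
        if m:
            chain = m.group(1).split("#")
            if found and chain[-1] == found[0]:
                chain = chain[:-1]
            if chain not in chains:
                chains.append(chain)
    return found, chains

def direct_dependencies(chains):
    """First hop of each chain, deduplicated: the packages declared in the
    project's own package.json that are responsible for the transitive one."""
    seen = []
    for chain in chains:
        if chain and chain[0] not in seen:
            seen.append(chain[0])
    return seen
```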

Since this library doesn't seem to be supported anymore, I fixed a bunch of things in a fork if you want to check it out and are still pulling the library into your packages: https://github.com/jtwebman/coveralls-next

jtwebman avatar Mar 06 '22 22:03 jtwebman

@jtwebman why don't you send a PR from your fork against the main repo so it can be considered for an official release?

ain avatar May 09 '22 19:05 ain

@ain I had one open for over a year and never got merged. https://github.com/nickmerwin/node-coveralls/pull/311

jtwebman avatar May 10 '22 20:05 jtwebman

As we waited so long, I decided to go with coveralls-next. Thank you @jtwebman

dalisoft avatar Sep 01 '22 17:09 dalisoft