node-coveralls
Security issue `json-schema`
Hello @nickmerwin and node-coveralls team
Thank you a lot for maintaining this great package. I got a notification that json-schema is vulnerable, and when running `yarn why json-schema` I found this result:
```
yarn why v1.22.17
[1/4] 🤔 Why do we have the module "json-schema"...?
[2/4] 🚚 Initialising dependency graph...
[3/4] 🔍 Finding dependency...
[4/4] 🚡 Calculating file sizes...
=> Found "[email protected]"
info Reasons this module exists
- "coveralls#request#http-signature#jsprim" depends on it
- Hoisted from "coveralls#request#http-signature#jsprim#json-schema"
info Disk size without dependencies: "256KB"
info Disk size with unique dependencies: "256KB"
info Disk size with transitive dependencies: "256KB"
info Number of shared dependencies: 0
✨ Done in 0.39s.
```
Can we somehow fix this?
Since this library doesn't seem to be supported anymore, I fixed a bunch of things on a fork, if you want to check it out and are still pulling the library into your packages: https://github.com/jtwebman/coveralls-next
@jtwebman why don't you send a PR from your fork against the main repo so it can be considered for an official release?
@ain I had one open for over a year and it never got merged. https://github.com/nickmerwin/node-coveralls/pull/311
As we waited so long, I've decided to go with coveralls-next.
Thank you @jtwebman