env-cmd

New Version Published

Open JabraJim opened this issue 7 months ago • 2 comments

Is it possible to get a newer version of this library published?

The most current published version (2020) has a Regular Expression Denial of Service (ReDoS) vulnerability. Looks like the repo itself has addressed this issue via this PR.

Thank you!

JabraJim avatar Apr 23 '25 15:04 JabraJim

At the moment, only @toddbluhm can create releases; I can only review & merge pull requests.

We could start drafting the release notes for v11, but #398 should probably be merged first, since it fixes an unintentional breaking change.

k-yle avatar Apr 23 '25 16:04 k-yle

Is @toddbluhm still involved? I was about to open an issue for cjs support only to find that the latest published version of the code looks nothing like the latest here on GitHub. It looks like cjs would just work the way it's being handled in main. Maybe you (@k-yle) could fork this (if you haven't already) and publish a scoped package version with the recent changes until Todd is able to respond?

tandrewnichols avatar May 29 '25 14:05 tandrewnichols

@tandrewnichols It would be a shame to fork this repository, since that would further fragment the community of users...

I sent Todd an email that day but haven't heard back yet.

k-yle avatar Jun 18 '25 09:06 k-yle

Hey, sorry for the delay in getting around to this, it has been a very busy few months for me. I hope to have a new release out within the next week or so.

I gave @k-yle npm publish authority, and I have created a new PR #406 that should automate releases, so we don't get blocked by one person again.

toddbluhm avatar Jul 03 '25 06:07 toddbluhm

Now tracking the v11 release on this PR #411

toddbluhm avatar Jul 03 '25 07:07 toddbluhm

Thanks @toddbluhm. No need to apologize. Life gets busy, and there are many things more important than open source software.

anichols-ht avatar Jul 03 '25 13:07 anichols-ht

Good news, almost all the PRs for the new release are in, and the new GitHub action workflow for automating npm publish is in as well.

Just need to land #410 and hopefully #399, then make sure CHANGELOG and docs are up-to-date in #411 (big thanks to @k-yle who already did a lot of that!).

toddbluhm avatar Jul 17 '25 11:07 toddbluhm

@anichols-ht just released the new version (11.0.0). A lot of changes were made to accommodate newer node versions, so please open new issues if you find bugs or weird functionality.

toddbluhm avatar Aug 23 '25 03:08 toddbluhm