env-cmd
env-cmd copied to clipboard
toddbluhm
New Version Published
Is it possible to get a newer version of this library published?
The most current published version (2020) has a Regular Expression Denial of Service (ReDoS) vulnerability. Looks like the repo itself has addressed this issue via this PR.
Thank you!
at the moment, only @toddbluhm can create releases, I can only review & merge pull requests.
We could start drafting the release notes for v11, but #398 should probably be merged first, since it fixes an unintentional breaking change
Is @toddbluhm still involved? I was about to open an issue for cjs support only to find that the latest published version of the code looks nothing like the latest here on github. It looks like cjs would just work the way it's being handled in main. Maybe you (@k-yle) could fork this (if you haven't already) and publish a scoped package version with the recent changes until Todd is able to respond?
@tandrewnichols It would be a shame to fork this repository, since that would further fragment the community of users...
I sent Todd an email that day but haven't hear back yet
Hey, sorry for the delay in getting around to this, it has been a very busy few months for me. I hope to have a new release out within the next week or so.
I gave @k-yle npm publish authority, and I have created a new PR #406 that should automate releases, so we don't get blocked by one person again.
Thanks @toddbluhm. No need to apologize. Life gets busy, and there are many things more important than open source software.
Good news, almost all the PRs for the new release are in, and the new GitHub action workflow for automating npm publish is in as well.
Just need to land #410 and hopefully #399, then make sure CHANGELOG and docs are up-to-date in #411 (big thanks to @k-yle who already did a lot of that!).
@anichols-ht just released the new version (11.0.0). A lot of changes were made to accommodate newer node versions, so please open new issues if you find bugs or weird functionality.