Skip to content
This repository has been archived by the owner on Apr 12, 2024. It is now read-only.

Fix security issue by updating decompress-zip #10

Open
AoDev opened this issue Jan 30, 2019 · 5 comments
Open

Fix security issue by updating decompress-zip #10

AoDev opened this issue Jan 30, 2019 · 5 comments

Comments

@AoDev
Copy link

AoDev commented Jan 30, 2019

Got a warning corresponding to this security issue:
https://www.npmjs.com/advisories/777

From the issue description:

"For decompress-zip 0.3.x upgrade to 0.3.2 or later."
@AstroGD
Copy link

AstroGD commented Jan 30, 2019

Got the same error while using electron-packager. The problem goes back to your package.
There is an update available for decompress-zip.

@AstroGD AstroGD mentioned this issue Jan 30, 2019
Closed
@AoDev
Copy link
Author

AoDev commented Jan 30, 2019

Actually it's a bit weird, this package is under "electron-archive", supposedly for packages that are not maintained anymore.

@AstroGD
Copy link

AstroGD commented Jan 31, 2019

Oh, thats not good. But why is it used then if its no longer maintained? This is a potential risk for every program...

@Orrison
Copy link

Orrison commented Feb 12, 2019

Please update the decompress-zip to at least 0.3.2

Until then I have recommended on packages that use this to replace for a maintained package

@ThadHouse
Copy link

@kevinsawicki You were the last person to commit to this repo. Is this issue something you can look into. asar depends on this package, which a LOT of other packages depend on. Should be a quick fix by someone that has push permissions.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix Dependency Vulnerability
4 participants
@AoDev @Orrison @ThadHouse @AstroGD