Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rc dependency - out of date #493

Closed
redevill opened this issue Mar 19, 2020 · 4 comments
Closed

rc dependency - out of date #493

redevill opened this issue Mar 19, 2020 · 4 comments

Comments

@redevill
Copy link

It appears that you have yet another security problem with a lib called rc. This library(rc) is out of date (refers to minimist which has had a security update), and does not appear to be maintained. recommend that you removed this (rc) dependency...
@jt-nti
Copy link

jt-nti commented Mar 20, 2020

There is an rc PR to update the version of minimist dominictarr/rc#114 but not sure how likely it is to get merged

@jt-nti jt-nti mentioned this issue Mar 20, 2020
Closed
@redevill
Copy link
Author

I did see that, but after no action on that lib for 3 years, I figured it would be faster to incorporate the code into your library and remove the dependency. It is quite surprising how far reaching the minimist vulnerability is... I have over 300 npm warnings in my project as a result. Thanks for the reply.

@martin-fogelman martin-fogelman mentioned this issue Jan 5, 2021
Closed
@springmeyer
Copy link
Contributor

This is fixed in @mapbox/node-pre-gyp@1.0.0 which no longer uses rc dependency.

@redevill
Copy link
Author

redevill commented Feb 9, 2021

Cool Beans :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@springmeyer @jt-nti @redevill