semver@6.3.0 Vulnerability within nyc@15.1.0

Question

semver@6.3.0 Vulnerability within nyc@15.1.0

rlerma opened this issue a year ago · comments

Is this repo still being maintained?

nyc has the following dependency tree based on semver

nyc@15.1.0
├─┬ istanbul-lib-instrument@4.0.3
│ ├─┬ @babel/core@7.19.0
│ │ ├─┬ @babel/helper-compilation-targets@7.19.0
│ │ │ └── semver@6.3.0
│ │ └── semver@6.3.0
│ └── semver@6.3.0
└─┬ make-dir@3.1.0
└── semver@6.3.0

semver@<7.5.2 has a vulnerability
GHSA-c2qf-rxjj-qqgw

Rafael Medeiros · Answer 1 · Tue Jul 04 2023 01:53:13 GMT+0800 (China Standard Time)

No response? 👀

AxxlFoley · Answer 2 · Tue Jul 04 2023 16:35:46 GMT+0800 (China Standard Time)

I also need a fix .. any update ?

Joe H · Answer 3 · Tue Jul 04 2023 17:51:08 GMT+0800 (China Standard Time)

@coreyfarrell are you able to comment if this repo is still maintained?

Arokia Lijas · Answer 4 · Wed Jan 03 2024 14:57:17 GMT+0800 (China Standard Time)

Did anyone find any alternative?

AxxlFoley · Answer 5 · Wed Jan 03 2024 17:06:11 GMT+0800 (China Standard Time)

@jaws97 After realizing that nyc is not really maintained any longer, our project switched to C8
https://github.com/bcoe/c8