[feat] New Release

Question

[feat] New Release

x20mar opened this issue 2 years ago · comments

Describe the feature

Hey, I was wondering if we could get a new release, please? There is a security vulnerability in koa-send that was resolved in v5.0.1

The security vulnerability GHSA-29xr-v42j-r956 was resolved by removing the mz package (see koajs/send@5.0.0...v5.0.1)

Thanks

Checklist

I have searched through GitHub issues for similar issues.
I have completely read through the README and documentation.

Mauricio Molina · Answer 1 · Sat Sep 24 2022 03:15:33 GMT+0800 (China Standard Time)

seconding this for resolving the security vulnerability

SondreB · Answer 2 · Sat Dec 10 2022 09:01:49 GMT+0800 (China Standard Time)

I'm fairly new to the koa-ecosystem and I'm looking around trying to find an static file package that is maintained and updated, everything I find is mostly forks and unmaintained for 4-8 years, including this one that is hosted on the official koajs org. The official website does not mention the word static either, at least some hints on where to look would be nice. I get that the packages (modules) are fairly small and focused, but just keeping dependencies fresh and maintained goes a long way improving trust.

I'd rather not go back to Express (used on and off since it was released), so I'll just use this module and hopefully it will be updated soon.

Evgenii Troinov · Answer 3 · Tue Sep 05 2023 21:16:25 GMT+0800 (China Standard Time)

@sondreb Hi,

I'm already working on an update koa-static, I'll finish soon.

iambumblehead · Answer 4 · Thu Oct 05 2023 05:22:58 GMT+0800 (China Standard Time)

@etroynov good to know, here's hoping it happens :)