jszip dependency security vulnerability

Question

rooby opened this issue 2 years ago · comments

The jszip dependency version has a vulnerability and should be updated.
See GHSA-jg8v-48h5-wgxg

Stephen Heindel · Answer 1 · Mon Aug 21 2023 21:34:16 GMT+0800 (China Standard Time)

Resolved as of tag v0.4.0, should be on npm soon.

Stephen Heindel · Answer 2 · Wed Aug 23 2023 02:02:50 GMT+0800 (China Standard Time)

Good news: v0.4.2 is now available.

Less good news: Mapbox changed their deployment organization so this package is now hosted under a different package

Reuben Turk · Answer 3 · Wed Aug 23 2023 13:53:44 GMT+0800 (China Standard Time)

Thanks for your efforts on getting this new version out @sheindel
Aside from the PR I opened about the types it seems to be working for my usage.