This repository has been archived by the owner on Jul 24, 2019. It is now read-only.

Bump extract-zip version #679


@ilkka commented Mar 10, 2017

This bump allows for a future release of extract-zip, that in turn pulls in a newer future release of concat-stream to mitigate [a possible memory disclosure vulnerability](https://snyk.io/vuln/npm:concat-stream:20160901). extract-zip is already at 1.6.0 so this will not happen without this bump.

@westy92 commented Mar 29, 2017

Could we please get this merged?

@amitdaga

Can we please get this merged to master? Change looks simple.

@adon-at-work

👍

@erikvold

@nicks do you still work on this?

@nicks (Contributor) commented Jul 18, 2017

This vulnerability doesn't affect us because we only download blessed binaries.

To answer @erikvold's broader question: at this point, it looks like there will be no further releases of PhantomJS (the upstream project). Thus, I basically consider this installer end-of-lifed. We would only do a release to patch major demonstrable problems.

@avindra (Contributor) commented Aug 5, 2017

Seems that this is superseded by #732
