Skip to content
This repository has been archived by the owner on Dec 6, 2018. It is now read-only.

Latest version on npm is 6.6.5 #120

Open
arj03 opened this issue Jul 23, 2018 · 5 comments
Open

Latest version on npm is 6.6.5 #120

arj03 opened this issue Jul 23, 2018 · 5 comments

Comments

@arj03
Copy link

arj03 commented Jul 23, 2018

But github only shows 6.6.4?
@simon-p-r
Copy link

Version 6.6.5 pulls in a vunerable version of bl via levelup whereas 6.6.4 does not depend on levelup



                                 Manual Review
             Some vulnerabilities require your attention to resolve

          Visit https://go.npm.me/audit-guide for additional guidance


  Moderate        Memory Exposure

  Package         bl

  Patched in      >=0.9.5 <1.0.0 || >=1.0.1

  Dependency of   level-sublevel

  Path            level-sublevel > levelup > bl

  More info       https://nodesecurity.io/advisories/596

found 1 moderate severity vulnerability in 552 scanned packages
  1 vulnerability requires manual review. See the full report for details.

@vweevers
Copy link

6.6.3 and 6.6.4 are broken (see #116, #117), so 6.6.5 was released, which reverts to 6.6.2.

@simon-p-r
Copy link

Thanks @vweevers but I cannot see the commit for 6.6.5 which is causing issue, I will replace level-sublevel as appears to be unusable at present

@vweevers
Copy link

@simon-p-r You could pin to 6.6.2. If you're looking for a replacement, see subleveldown.

@simon-p-r
Copy link

Yes I will make switch thanks!

@christianbundy christianbundy mentioned this issue Sep 7, 2019
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@arj03 @vweevers @simon-p-r