Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: 🐛 Updated levelup version to 4.2.0 fixing audit #21

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

fix: 🐛 Updated levelup version to 4.2.0 fixing audit #21

wants to merge 2 commits into from

Conversation

srepollock
Copy link

Closes: #20

@srepollock srepollock mentioned this pull request Sep 9, 2019
Open
@favna
Copy link

favna commented Sep 9, 2019

@mafintosh please merge this and create an updated release

@akoushke
Copy link

I would like to request for a change, if that's okay. There is another vulnerability in levelup. the problem had been fixed already form their side Level/levelup#676. However, I'm not sure if it will be a patch/minor version bump. if not, then we need to update this package.json as well.
refer to this picture for the vulnerabilities that I had faced using rollup plugin.

@vweevers
Copy link

@srepollock This PR is incomplete. There have been breaking changes between levelup 0.x and 4 you'll need to account for.

@Vehmloewff
Copy link

@mafintosh, have you had a chance to look at this yet? It would help us out a lot if this were fixed.

srepollock
srepollock commented Dec 31, 2019
View reviewed changes
index.js
var fs = require('level-filesystem');

var db = levelup('level-filesystem', {db:leveljs});
var db = levelup(leveldown('level-filesystem'), {db:leveljs});
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@vweevers I've updated to use the leveldown system. I ran with node index.js example.js and it created a new file with some logs in the main project directory. They had .log files and I don't know the exact contents as they were written in buffered data. I believe this may be a fix, but request a review

@mafintosh
Copy link
Owner

I don’t have any time to review this. If someone wants to take it over let me know.

@heitorlessa heitorlessa mentioned this pull request Jun 24, 2020
Open
@srepollock
Copy link
Author

@mafintosh user @lcsvcn has approved this and I addressed the issues @Vehmloewff commented on. Is there any more reason stopping this from being merged in?

@srepollock
Copy link
Author

srepollock commented Aug 12, 2020
edited
Loading

I apologize and would like to update this thread for the sake of @trevorblades . I have accidentally deleted the GitHub repo referenced in the PR here. I have recreated the repo and made the necessary changes here. I will have a release set up as well to pull from NPM, but I would suggest that this PR get some movement.

If because I deleted the repo there is no way to merge in this PR, please @ me here and I can submit a new one with the new repo. Cheers

@favna
Copy link

favna commented Aug 12, 2020

@srepollock github maintains the code changes of deleted repos, thankfully. In the past it would've auto closed this PR but no more.

@trevorblades
Copy link

Thanks for restoring that repo @srepollock!

@jdalrymple
Copy link

Any updates?

@SamsonChoo
Copy link

Could someone teach me how to use @srepollock's fixed version of the repo instead of this version? Seeing that this PR will not be merged anytime soon.

@srepollock
Copy link
Author

@SamsonChoo npm i srepollock-browserify-fs
https://www.npmjs.com/package/srepollock-browserify-fs

@penfold45
Copy link

Hi this appears to still be an open issue. Is there a way to move this along and get it resolved? Happy to help in anyway I can

@srepollock
Copy link
Author

@penfold45 currently the solution is to fork and fix yourself or to use someone else's fix. The developer seems to be inactive on here at this time.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lcsvcn lcsvcn lcsvcn approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Addressing NPM security errors by updating levelup to ^4.2.0