Updated jasmine-growl-reporter to fix critical vulnerability in Jasmine2.0 #440
Conversation
|
Thanks @beckyconning. Considering that the [1] https://github.com/mhevery/jasmine-node#jasmine |
|
In an ideal world everyone would update to the latest software regardless of breaking changes. However time and labour aren't free. This seems to be a case where changing two characters will improve the security of legacy software. Why prevent such a change? |
There was a problem hiding this comment.
From https://github.com/AlphaHydrae/jasmine-growl-reporter#compatibility:
v2.*drops support for Node.js 0.12 and older
But from here we can see that the Jasmine2.0 branch supports Node.js back to 0.10.
Breaking change needs to be in a new major version.
If you can convince jasmine-growl-reporter to resolve the vulnerability without breaking on Node.js 0.10, I would be happy to make this one update on the Jasmine2.0 branch.
A side point is that legacy software is not free to support from the open-source side. I think we would need both some more active contributors and active backing from something like Tidelift to make this kind of legacy software support practical.
My apologies for the difficulties with the critical vulnerability.
No description provided.