Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Use of a vulnerable dependency
See original GitHub issueSnyk recently pointed out in some of my projects that some dependencies were vulnerable to an issue that goes back to extend and sshpk but those were apparently fixed in the request@2.88.0 which has been updated on jsdom (currently at v13.1.0).
This package, however, doesn’t use an up-to-date and vulnerability free version of jsdom and PRs like #1230 are still hanging.
Would it be possible to get this sorted (I was planning on opening a PR myself but @greenkeeper already did)?
Issue Analytics
- State:
- Created 5 years ago
- Comments:5 (1 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
I’m curious if the Cheerio project is still alive. The last commit to the README claims that ongoing development is happening in the main branch, and gives a link for the branch for the last release – however that commit was a few months ago and of course there’s been no activity since.
I find this worrying since I’ve built a fairly large application (https://akashacms.com) around Cheerio.
Activity has definitely slowed down right now. I still want to get a final 1.0 out at some point, but it is not a priority right now.
This issue does not seem to be a pressing, as jsdom is only a dev dependency that’s used for benchmarking. Happy to accept PRs!