[CONJS-45] npm old package issues Created: 2018-08-21  Updated: 2018-10-25  Resolved: 2018-10-25

Status: Closed
Project: MariaDB Connector/node.js
Component/s: other
Affects Version/s: None
Fix Version/s: 2.0.0-alpha

Type: Task Priority: Major
Reporter: Diego Dupin Assignee: Diego Dupin
Resolution: Fixed Votes: 0
Labels: None


 Description   

See https://github.com/MariaDB/mariadb-connector-nodejs/issues/8.
Some users have received an email from GitHub:

Known critical severity security vulnerability detected in mariadb <= 1.0.2 defined in package-lock.json.

This is due to old packages in npm that should normally not interfere: https://www.npmjs.com/package/mariadb

Version History
0.7.0 a month ago
0.0.2-security a year ago
1.0.2 a year ago
1.0.1 a year ago
0.0.1-security a year ago

Those 1.0.1 and 1.0.2 versions should not interfere but still do.
Mail has been sent to npm to see if those can be totally removed.



 Comments   
Comment by Diego Dupin [ 2018-09-07 ]

npm's answer is to use semver and then use a version > 1.0.2.
No other choice but changing the "mariadb" package.
The next version will then have a version > 1.0.2.
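
Why the alert range quoted in the description catches the 0.7.0 release while a 2.0.0-alpha release falls outside it, as an added example (not code from this ticket or from the MariaDB project): a SemVer 2.0.0 precedence comparison over the versions listed in the issue. It assumes the alert's `<= 1.0.2` range is evaluated by plain SemVer precedence; all function names are illustrative.

```javascript
// Added illustration: SemVer 2.0.0 precedence applied to the versions in this issue.
// Assumption: the alert range "<= 1.0.2" is evaluated by plain precedence.

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/.exec(v);
  if (!m) throw new Error(`not a semver version: ${v}`);
  return {
    core: [Number(m[1]), Number(m[2]), Number(m[3])],
    pre: m[4] ? m[4].split(".") : [], // build metadata is ignored for precedence
  };
}

function compareIdentifiers(a, b) {
  const aNum = /^\d+$/.test(a);
  const bNum = /^\d+$/.test(b);
  if (aNum && bNum) return Math.sign(Number(a) - Number(b));
  if (aNum !== bNum) return aNum ? -1 : 1; // numeric identifiers rank below alphanumeric
  return a < b ? -1 : a > b ? 1 : 0;       // ASCII order
}

// Returns -1, 0 or 1 for x < y, x == y, x > y.
function compareVersions(x, y) {
  const a = parseVersion(x);
  const b = parseVersion(y);
  for (let i = 0; i < 3; i++) {
    if (a.core[i] !== b.core[i]) return a.core[i] < b.core[i] ? -1 : 1;
  }
  // Same major.minor.patch: a release outranks any prerelease of it.
  if (a.pre.length === 0 && b.pre.length === 0) return 0;
  if (a.pre.length === 0) return 1;
  if (b.pre.length === 0) return -1;
  for (let i = 0; i < Math.min(a.pre.length, b.pre.length); i++) {
    const c = compareIdentifiers(a.pre[i], b.pre[i]);
    if (c !== 0) return c;
  }
  return Math.sign(a.pre.length - b.pre.length);
}

const ADVISORY_CEILING = "1.0.2"; // upper bound from the GitHub alert quoted in the issue

function flagged(version) {
  return compareVersions(version, ADVISORY_CEILING) <= 0;
}

// Version history from the issue, plus the ticket's fix version.
const versions = ["0.7.0", "0.0.2-security", "1.0.2", "1.0.1", "0.0.1-security", "2.0.0-alpha"];
for (const v of versions) console.log(v.padEnd(16), flagged(v) ? "flagged" : "not flagged");
```

Every entry in the listed version history sorts at or below 1.0.2, so only a release numbered above that bound, prerelease or not, is outside the range.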
