config-chain icon indicating copy to clipboard operation
config-chain copied to clipboard
verified publisher icon dawsbot

CVE-2020-7788

Open goatandsheep opened this issue 5 years ago • 2 comments

https://github.com/advisories/GHSA-qqgx-2p2h-9c37

Due to security vulnerability, the package should either be updated or deprecated.

Furthermore, package should be unfrozen as npm is no longer reliant on config-chain.

goatandsheep avatar Dec 15 '20 16:12 goatandsheep

I've made a package clone https://www.npmjs.com/package/configuration-chain

goatandsheep avatar Feb 12 '21 23:02 goatandsheep

Apologies, yes perhaps this should be archived. I inherited this repo, I'm not the founder. Just trying to upkeep it and at this point it should be read-only

dawsbot avatar Feb 14 '21 16:02 dawsbot