bzip2 should be upgraded
Closed this issue · 1 comment
avl commented
See CVE-2023-22895
avl commented
Ok, turns out we only refer to bzip2 by version "0.4", which already covers the fixed version.
Thus, this CVE is not really relevant for savefile.
I got a Dependabot warning from GitHub, but that was because we had old unused lock files checked into the repo. I've removed them.
Closing this now.
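The two checks behind the comment above, as an added example that is not part of the issue thread or of savefile's code: whether a bare Cargo requirement such as "0.4" admits a fixed release, and whether a checked-in lock file still pins a pre-fix version. The fixed version and the lock-file contents are constructed placeholders, and all function names are hypothetical.

```rust
// Added example, not savefile's code; all versions here are constructed placeholders.
type V = (u64, u64, u64);
// Parse "X", "X.Y" or "X.Y.Z" (no pre-release or build tags) into numeric parts.
fn parts(s: &str) -> Option<Vec<u64>> {
    let p = s.trim().split('.').map(|x| x.parse::<u64>().ok()).collect::<Option<Vec<u64>>>()?;
    if (1..=3).contains(&p.len()) { Some(p) } else { None }
}
fn version(s: &str) -> Option<V> {
    match parts(s)?.as_slice() { [a, b, c] => Some((*a, *b, *c)), _ => None }
}

// Half-open range [low, high) that Cargo's default caret rule gives a bare requirement.
fn caret_range(req: &str) -> Option<(V, V)> {
    let p = parts(req)?;
    let (minor, patch) = (p.get(1).copied(), p.get(2).copied());
    let low = (p[0], minor.unwrap_or(0), patch.unwrap_or(0));
    let high = match (p[0], minor, patch) {
        (major, _, _) if major > 0 => (major + 1, 0, 0), // "1.2"   -> <2.0.0
        (_, None, _) => (1, 0, 0),                        // "0"     -> <1.0.0
        (_, Some(m), _) if m > 0 => (0, m + 1, 0),        // "0.4"   -> <0.5.0
        (_, Some(_), None) => (0, 1, 0),                  // "0.0"   -> <0.1.0
        (_, Some(_), Some(z)) => (0, 0, z + 1),           // "0.0.3" -> <0.0.4
    };
    Some((low, high))
}

// Does the manifest requirement let the resolver select the fixed release?
fn req_admits(req: &str, fixed: &str) -> Option<bool> {
    let ((low, high), f) = (caret_range(req)?, version(fixed)?);
    Some(low <= f && f < high)
}

// Version that a Cargo.lock text pins for `name` (exact name match, first entry).
fn locked_version(lock: &str, name: &str) -> Option<V> {
    let mut lines = lock.lines().map(str::trim);
    lines.find(|l| *l == format!("name = \"{}\"", name))?;
    let v = lines.find(|l| l.starts_with("version = "))?;
    version(v.trim_start_matches("version = ").trim_matches('"'))
}
// True when that pinned version predates the fix, which is what a scanner flags.
fn lock_is_stale(lock: &str, name: &str, fixed: &str) -> Option<bool> {
    Some(locked_version(lock, name)? < version(fixed)?)
}

const FIXED: &str = "0.4.2"; // placeholder; take the real value from the advisory
const STALE_LOCK: &str = "[[package]]\nname = \"bzip2-sys\"\nversion = \"0.1.0\"\n\n[[package]]\nname = \"bzip2\"\nversion = \"0.4.1\"\n"; // constructed
fn main() {
    println!("\"0.4\" admits fix: {:?}", req_admits("0.4", FIXED));
    println!("stale lock flagged: {:?}", lock_is_stale(STALE_LOCK, "bzip2", FIXED));
}
```

A manifest requirement only bounds what the resolver may pick; a lock file names the exact version that gets built, which is why a stale lock file can raise an alert even when the requirement already admits the fix.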