semver@6.3.0 Vulnerability within nyc@15.1.0

Question

semver@6.3.0 Vulnerability within nyc@15.1.0

rlerma opened this issue 2 years ago · 5 comments

Is this repo still being maintained?

nyc has the following dependency tree based on semver

nyc@15.1.0
├─┬ istanbul-lib-instrument@4.0.3
│ ├─┬ @babel/core@7.19.0
│ │ ├─┬ @babel/helper-compilation-targets@7.19.0
│ │ │ └── semver@6.3.0
│ │ └── semver@6.3.0
│ └── semver@6.3.0
└─┬ make-dir@3.1.0
└── semver@6.3.0

semver@<7.5.2 has a vulnerability
GHSA-c2qf-rxjj-qqgw

Answer 1 · 2023-07-03T17:53:13.000Z

No response? 👀

Answer 2 · 2023-07-04T08:35:46.000Z

I also need a fix .. any update ?

Answer 3 · 2023-07-04T09:51:08.000Z

@coreyfarrell are you able to comment if this repo is still maintained?

Answer 4 · 2024-01-03T06:57:17.000Z

Did anyone find any alternative?

Answer 5 · 2024-01-03T09:06:11.000Z

@jaws97 After realizing that nyc is not really maintained any longer, our project switched to C8
https://github.com/bcoe/c8