Hello there! Any chance anyone could bump npm package version and release the package with the fixed vulnerability? 馃檹
@NoNameProvided are you planning to release new version?
@gregsolo-intent, @asaunin A new version is being discussed internally. We are indeed waiting for a long time for this fix, but a few other PRs are being reviewed and merged for this new version. There is also an issue with permissions in the repository that are being discussed, but as soon as all this is resolved (and I think it will take a few days, but not much longer than that) you will see a new version of the library.
Pleased to see that there's movement on this project! I'd suggest that releasing a version with just the security patch quickly as a minor release reduces the upstream risk vs bundling additional features/functionality. At this point a couple more days probably won't make a massive difference though.
Done. 0.3.1 release with currently merged fixes.
This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
Most helpful comment
Done. 0.3.1 release with currently merged fixes.