Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

jszip dependency security vulnerability #92

Closed
rooby opened this issue Jan 10, 2023 · 3 comments · Fixed by #96
Closed

jszip dependency security vulnerability #92

rooby opened this issue Jan 10, 2023 · 3 comments · Fixed by #96

Comments

@rooby
Copy link
Contributor

rooby commented Jan 10, 2023

The jszip dependency version has a vulnerability and should be updated.
See GHSA-jg8v-48h5-wgxg
@charlieforward9 charlieforward9 mentioned this issue Aug 21, 2023
Merged
@sheindel
Copy link
Contributor

Resolved as of tag v0.4.0, should be on npm soon.

@sheindel
Copy link
Contributor

Good news: v0.4.2 is now available.

Less good news: Mapbox changed their deployment organization so this package is now hosted under a different package

@mapbox/shp-write
https://unpkg.com/@mapbox/shp-write@latest/shpwrite.js

@rooby
Copy link
Contributor Author

rooby commented Aug 23, 2023

Thanks for your efforts on getting this new version out @sheindel
Aside from the PR I opened about the types it seems to be working for my usage.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add options, multipolygon & types, tree shake, deps Agriculture-Intelligence/shp-write
2 participants
@rooby @sheindel