Skip to content

Fix(ts-types): vulnerable dependency #167

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
WyvernIXTL merged 2 commits into from
Aug 7, 2025
Merged

Fix(ts-types): vulnerable dependency #167

WyvernIXTL merged 2 commits into from
Aug 7, 2025

Conversation

@WyvernIXTL
Copy link
Contributor

@WyvernIXTL WyvernIXTL commented Aug 7, 2025

Fixed:

  • Override vulnerable dependency.
    (ts-types depends on typia, which depends on inquirer, which depends on external-editor, which depends on the vulnerable tmp:0.0.33.)

@WyvernIXTL
fix: override tmp with newer version
5f29153 
Typia uses inquirer, which in turn uses external-editor, which depends on tmp:0.0.33.
Said tmp version is really old and external-editor has not been updated for 6 years.

Since only `tmpNameSync` is used, tmp:0.2.4 also works (latest version).
@WyvernIXTL
chore(ts-types): bump version
ee95e74
@WyvernIXTL WyvernIXTL merged commit e990b9a into main Aug 7, 2025
3 of 4 checks passed
@WyvernIXTL WyvernIXTL deleted the fix/ts-types-vulnerable-dependency-tmp branch August 7, 2025 14:01
WyvernIXTL added a commit to nmshd/ts-crypto that referenced this pull request Aug 7, 2025
@WyvernIXTL
fix: update dependencies with vulnerabilities
29ee192 
See nmshd/rust-crypto#167 for the reason regarding the override of tmp.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@WyvernIXTL