npm audit complains

[marton78]

The problem

npm audit complains about an ancient dependency

Details

The dependency in question is [email protected], here's the result of npm ls [email protected]:

[email protected]
└─┬ [email protected]
  └─┬ [email protected]
    └─┬ [email protected]
      └── [email protected] 

There is a pull request openstf/adbkit-apkreader#22 which claims to remedy the issue, but as it seems openstf/adbkit-apkreader is not actively maintained. That PR is more than one year old.

I suggest forking openstf/adbkit-apkreader and applying the PR.

[imurchie]

I would tend to agree with this. First, I've written the OpenSTF folks to see if someone from Appium can be added as a maintainer. If I don't hear anything back soon I will go ahead with getting it into our org and fixing.

Thanks!

[imurchie]

I got access to the github project. Waiting on npm access to publish the dependency updates.

[imurchie]

The package has been updated. Appium beta now comes out clean:

$ npm audit

                       === npm audit security report ===

found 0 vulnerabilities
 in 167965 scanned packages