Skip to content

fix: 🐛 Updated levelup version to 4.2.0 fixing audit#21

Open
srepollock wants to merge 2 commits into
mafintosh:masterfrom
srepollock:master
Open

fix: 🐛 Updated levelup version to 4.2.0 fixing audit#21
srepollock wants to merge 2 commits into
mafintosh:masterfrom
srepollock:master

Conversation

@srepollock

Copy link
Copy Markdown

Closes: #20

@favna

favna commented Sep 9, 2019

Copy link
Copy Markdown

@mafintosh please merge this and create an updated release

@akoushke

Copy link
Copy Markdown

I would like to request for a change, if that's okay. There is another vulnerability in levelup. the problem had been fixed already form their side Level/levelup#676. However, I'm not sure if it will be a patch/minor version bump. if not, then we need to update this package.json as well.
refer to this picture for the vulnerabilities that I had faced using rollup plugin.

@vweevers

Copy link
Copy Markdown

@srepollock This PR is incomplete. There have been breaking changes between levelup 0.x and 4 you'll need to account for.

@Vehmloewff

Copy link
Copy Markdown

@mafintosh, have you had a chance to look at this yet? It would help us out a lot if this were fixed.

Comment thread index.js
var fs = require('level-filesystem');

var db = levelup('level-filesystem', {db:leveljs});
var db = levelup(leveldown('level-filesystem'), {db:leveljs});

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@vweevers I've updated to use the leveldown system. I ran with node index.js example.js and it created a new file with some logs in the main project directory. They had .log files and I don't know the exact contents as they were written in buffered data. I believe this may be a fix, but request a review

@mafintosh

Copy link
Copy Markdown
Owner

I don’t have any time to review this. If someone wants to take it over let me know.

@srepollock

Copy link
Copy Markdown
Author

@mafintosh user @lcsvcn has approved this and I addressed the issues @Vehmloewff commented on. Is there any more reason stopping this from being merged in?

@srepollock

srepollock commented Aug 12, 2020

Copy link
Copy Markdown
Author

I apologize and would like to update this thread for the sake of @trevorblades . I have accidentally deleted the GitHub repo referenced in the PR here. I have recreated the repo and made the necessary changes here. I will have a release set up as well to pull from NPM, but I would suggest that this PR get some movement.

If because I deleted the repo there is no way to merge in this PR, please @ me here and I can submit a new one with the new repo. Cheers

@favna

favna commented Aug 12, 2020

Copy link
Copy Markdown

@srepollock github maintains the code changes of deleted repos, thankfully. In the past it would've auto closed this PR but no more.

@trevorblades

Copy link
Copy Markdown

Thanks for restoring that repo @srepollock!

@jdalrymple

Copy link
Copy Markdown

Any updates?

@SamsonChoo

Copy link
Copy Markdown

Could someone teach me how to use @srepollock's fixed version of the repo instead of this version? Seeing that this PR will not be merged anytime soon.

@srepollock

Copy link
Copy Markdown
Author

@SamsonChoo npm i srepollock-browserify-fs
https://www.npmjs.com/package/srepollock-browserify-fs

@penfold45

Copy link
Copy Markdown

Hi this appears to still be an open issue. Is there a way to move this along and get it resolved? Happy to help in anyway I can

@srepollock

Copy link
Copy Markdown
Author

@penfold45 currently the solution is to fork and fix yourself or to use someone else's fix. The developer seems to be inactive on here at this time.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Addressing NPM security errors by updating levelup to ^4.2.0