Security issue in 7zip-bin dependency. #8485
Comments
|
Hmmm are there any alternatives for providing 7zip binaries via npm other than 7zip-bin npm package? That repo looks like it's unmaintained |
|
To be honest i can see there is 6 forks of the project, also i checked in npm and i can see a few packages doing the same but no one has a many weekly downloads.... so, I'm not sure about the alternatives. |
|
This will be resolved in #8530. Dependency on develar/7zip-bin#27 to be merged/released first |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Electron-Builder Version: 24.13.3
Node Version: 20.16.0
Electron Version: 10.4.7
This issue is not related to your repo or electron -builder itsef, but is just for you to be aware that there is a security issue to one of the dependencies you use:
[email protected]
-- [email protected]-- [email protected]The version 5.2 of the 7zip-bin package is using a very old version of the 7zip distributable console, which implies a security risk. Actually this is preventing me to use electron-builder on my machine, because a security software in my company detect that binary as a security risk.
I already log an issue on the repository owned by develar but i had no response so far.
The text was updated successfully, but these errors were encountered: