ChanServ changed the topic of #sandstorm to: Welcome to #sandstorm: home of all things Sandstorm and Cap'n Proto. Say hi! | Have a question but no one is here? Try asking in the discussion group: https://groups.google.com/group/sandstorm-dev | Channel logs available at https://libera.irclog.whitequark.org/sandstorm
TMM_ has quit [Quit: https://quassel-irc.org - Chat comfortably. Anywhere.]
TMM_ has joined #sandstorm
blowfist has quit [*.net *.split]
TimMc has quit [*.net *.split]
strugee has quit [*.net *.split]
TC01_ has quit [*.net *.split]
strugee has joined #sandstorm
TC01_ has joined #sandstorm
blowfist has joined #sandstorm
TimMc has joined #sandstorm
xet7 has quit [Remote host closed the connection]
xet7 has joined #sandstorm
TC01_ is now known as TC01
<kentonv> ugh this again... unmaintained project we depend on depends on a specific version of some other module which depends on a specific old version of underscore.js which has a reported security vulnerability, but the vulnerability is in a function that the dependent doesn't use, but `npm` is going to keep telling me we have a high-severity vulnerability until I do something about it, sigh
<ocdtrekkie> Absolutely lovely.
<kentonv> so we use a library called nodemailer to send email. It would appear that nodemailer hasn't been updated in 4 years.
<isd> Isn't that the same library that caused the comma separator vulnerability?
<kentonv> what's that?
<kentonv> heh... at least nodemailer was still maintained at that time
<kentonv> we should probably update to a fresher library
<isd> Hm, looks like it was updated less than a month ago: https://github.com/nodemailer/nodemailer ?
<isd> How did you come to the conclusion that it was unmaintained?
TMM_ has quit [Quit: https://quassel-irc.org - Chat comfortably. Anywhere.]
TMM_ has joined #sandstorm