Project status #151

Open
jankapunkt opened this issue Jul 16, 2024 · 2 comments

Comments

@jankapunkt

Hi @theKashey, is this project still alive? I have some audit issues and looked into this, but there seem to be no updates so far. Need a helping hand?

@situokko

situokko commented Aug 1, 2024

Last version was 1.5 yrs ago. I can tell you it is being used, but not being updated.

I expect your audit issues were about the lodash.template vulnerability (GHSA-35jh-r3h4-6jhm) that has been fixed in lodash 4.17.21? (as that is the reason why I am here). However, lodash was fixed already 3 yrs ago.

rewiremock uses lodash.template (I am not aware if this has been released by the lodash author, or someone else?) that is 5 yrs old: https://www.npmjs.com/package/lodash.template?activeTab=code

So the proper fix would be to:

  1. Release a new version of lodash.template (based on 4.17.21?) and then release a new version of rewiremock
    OR
  2. Modify rewiremock to directly use the whole lodash? (Or does it not work because it's so old and not really modularized)
    OR
  3. (Quick and dirty) Modify rewiremock to include the fixed template logic required for it to work

I'd assume that there is not much coding involved in any of them, just committing, PR:ing and waiting mostly? Did I understand the problem correctly?
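
A way to check a project for the situation described in the comment above, as an added example that is not part of the thread or of rewiremock's code: it walks an npm lockfile's `packages` map, lists what depends on the standalone lodash.template package, and flags lodash copies older than 4.17.21. The lockfile fragment and every version in it other than 4.17.21 are constructed placeholders, and the function names are hypothetical.

```javascript
// Added example: audit an npm lockfile (lockfileVersion 2/3) for lodash.template.
const FIXED_LODASH = '4.17.21'; // fixed lodash release as stated in the comment above

// Constructed lockfile fragment; versions other than 4.17.21 are placeholders.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'my-app', devDependencies: { rewiremock: '^0.0.1' } },
    'node_modules/rewiremock': {
      version: '0.0.1',
      dependencies: { 'lodash.template': '^0.0.1', 'lodash.some': '^0.0.1' },
    },
    'node_modules/lodash.template': { version: '0.0.1' },
    'node_modules/lodash.some': { version: '0.0.1' },
    'node_modules/lodash': { version: '4.17.20' },
    'node_modules/other/node_modules/lodash': { version: '4.17.21' },
  },
};

// Package name = text after the last "node_modules/" in the lockfile key.
function nameOf(key) {
  const i = key.lastIndexOf('node_modules/');
  return i === -1 ? key : key.slice(i + 'node_modules/'.length);
}

// Numeric compare of plain x.y.z versions (pre-release tags are not handled).
function lessThan(a, b) {
  const pa = a.split('.').map(Number), pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) < (pb[i] || 0);
  }
  return false;
}

function auditLock(lock) {
  const report = { templateDependents: [], templateCopies: [], oldLodash: [] };
  for (const [key, pkg] of Object.entries(lock.packages || {})) {
    const deps = { ...pkg.dependencies, ...pkg.optionalDependencies };
    // Who pulls the standalone package in, and where is it installed?
    if ('lodash.template' in deps) report.templateDependents.push(key || '(root)');
    if (nameOf(key) === 'lodash.template') report.templateCopies.push(key);
    if (nameOf(key) === 'lodash' && lessThan(pkg.version, FIXED_LODASH)) {
      report.oldLodash.push(`${key}@${pkg.version}`);
    }
  }
  return report;
}
console.log(auditLock(sampleLock));
```

To run it against a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` to `auditLock` instead of the sample object.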

@theKashey
Owner

Neither lodash.template nor .some are required here. I'll remove the current usage - two dependencies and two problems less


> Hi @theKashey is this project still alive?

I am not personally using it as we moved from mocha years ago. That's the main problem.

> I have some audit issues and looked into this but there seems to be no updates so far.

Just open an issue so I will be aware of the problem.

> Need a helping hand?

Absolutely. Would greatly appreciate any help.

> Last version was 1.5yrs ago, I can tell you it is being used, but not being updated.

The solution is functionally complete and the only place to improve is supporting native ESM. Waiting for node decisions to stabilize before even looking there. (yeah, it's been years)
