The version for Liquibase available through NPM package is currently at 4.28.1, would this be updated anytime soon with the latest package 4.31.1 ?
The 4.28.1 package got flagged with security vulnerabilities when we tried to use it. Here are the vulnerability codes that showed up.
CVE-2021-42392
CVE-2022-23221
CVE-2024-1597
Just posting the most severe ones which are concerning. Any response for this will really help us in evaluating if we can use this wonderful Liquibase for our development purpose.
Hey @yuvarajpuru ! Thanks for reaching out. We are in the middle of revamping the release process for our various distributions, interfaces and extensions. The Liquibase npm package is on the list automate releases. While I don’t have a specific date, this is an active effort so updates should be coming soon.
In the meantime I would like to hear more about why and how you want to use Liquibase in node. I am one of the company founders and I currently work in developer relations @ Liquibase. Let me know if you’re interested and we can set something up!
@Pete Thank you for responding so quickly. If you could give me at least a rough timeline for the release of the latest version to NPM it will really help.
