CVE-2021-27290 high severity

[kaaax0815]

The latest possible version that can be installed is 6.0.2 because of the following conflicting dependency:

next-offline@5.0.3 requires ssri@^6.0.1 via a transitive dependency on cacache@12.0.4
The earliest fixed version is 8.0.1

Can I update this myself or will this break?

Or can someone update it?

[SalahAdDin]

@hanford Another more.

[hanford]

I'd accept a pull request, but this isn't currently disrupting my workflow

[hanford]

Maybe this one? #282

[kaaax0815]

this bumps the version to 6.0.2

The earliest fixed version is 8.0.1

[meabed]

Thank you hanford, If this is helpful, I have forked the library and migrated to typescript and updated the deps here https://github.com/meabed/next-offline-ts

[SalahAdDin]

@hanford the idea would be to have that fork improvements on this package, @meabed.

[meabed]

@SalahAdDin Not sure if the author would do that - I appreciate the effort here and I wouldn't mind, but it seems he is not updating the repo anymore.
and I had some fixes and updates to do so I had this fork, for now I would keep maintaining it.