The mason-js dependency is unmaintained and frozen, but still currently used inside of vtshaver. It has been unmaintained since 2018. For a while it seemed like mason-js would again see maintenance (enough that security issues related to out-of-date binaries and mason-js JS dependencies could be mitigated). But, in effect, mason-js not been maintained since 2018 and therefore I think it is critical to acknowledge this and take action downstream (here).
So, my recommendation is to remove the dependence on mason-js in vtshaver.
To do this would involve:
- Removing
mason-js from the package.json
- Removing the
mason-versions.ini
- Implementing an alternative method for fetching up to date and reliable versions of dependencies that are currently being installed by
mason-js
The
mason-jsdependency is unmaintained and frozen, but still currently used inside ofvtshaver. It has been unmaintained since 2018. For a while it seemed likemason-jswould again see maintenance (enough that security issues related to out-of-date binaries andmason-jsJS dependencies could be mitigated). But, in effect,mason-jsnot been maintained since 2018 and therefore I think it is critical to acknowledge this and take action downstream (here).So, my recommendation is to remove the dependence on
mason-jsinvtshaver.To do this would involve:
mason-jsfrom thepackage.jsonmason-versions.inimason-js