Updated jasmine-growl-reporter to fix critical vulnerability in Jasmine2.0 #440
beckyconning wants to merge 1 commit into mhevery:Jasmine2.0 from
Thanks @beckyconning. Considering that the
In an ideal world everyone would update to the latest software regardless of breaking changes. However time and labour aren't free. This seems to be a case where changing two characters will improve the security of legacy software. Why prevent such a change?
brody4hire left a comment
From https://github.com/AlphaHydrae/jasmine-growl-reporter#compatibility:
v2.* drops support for Node.js 0.12 and older
But from here we can see that the Jasmine2.0 branch supports Node.js back to 0.10.
Breaking change needs to be in a new major version.
If you can convince jasmine-growl-reporter to resolve the vulnerability without breaking on Node.js 0.10, I would be happy to make this one update on the Jasmine2.0 branch.
A side point is that legacy software is not free to support from the open-source side. I think we would need both some more active contributors and active backing from something like Tidelift to make this kind of legacy software support practical.
My apologies for the difficulties with the critical vulnerability.
No description provided.