will anyone merge this if it solves the issue?

Any ETA on when this is getting merged ?

@indexzero@jcrugzz looks like this requires your immediate attention

My children are the only thing that requires immediate attention, sorry. Software happens during normal working hours. Didn't get to this on Friday, therefore it will be tomorrow.

Jarrett may have a moment, I have asked him.

@jsmylnycky thanks for the work here. Will release this fix in a few

published as1.18.1

Have you informed npm support to whitelist this version? Currently it‘s still blacklisted:https://www.npmjs.com/advisories/1486/versions
The support usually resolves such inquiries within a few hours:security@npmjs.com

@indexzero that's understandable, sorry for my wording. But thevulnerability seems reported almost 3 months ago. Do you consider adding more core maintainers as an option?

@Hypnosphi If you take a look at the top of the Issues page, there's two pinned posts going back to Aug/Sept, basically looking to get more people active with the future of this project. There's been very little activity from folks willing to actually jump in and contribute tho. If it is something you're interested in doing, I suggest you take a look at those posts and leave some comments to get in touch :)

Just out of curiosity, was the vulnerabilityactually reported to the maintainers? This would not be the first time nobody knows about the issue until the advisory goes public:sass/node-sass#2816 (comment)

Have you informed npm support to whitelist this version? Currently it‘s still blacklisted:https://www.npmjs.com/advisories/1486/versions
The support usually resolves such inquiries within a few hours:security@npmjs.com

They've now marked the fixed version as unaffected