
goto-bus-stop

Just did a blanket npm update.
Should fix #55, because acorn-node 1.8 depends on acorn 7.
Finally closes #48, because this exposes the option added in browserify/static-eval#31.


archmoj commented Jun 15, 2020

LGTM 💃


Shadowninja33 commented May 25, 2021

Are there any updates on bumping the dependencies? This is currently a blocker on my team, similar to #55


ggrimsley commented Mar 30, 2022

Hi @goto-bus-stop, is there anything I can help with to have this PR moved forward?

Edit: I looked into acorn-node@1.8.2 and I see that it depends on acorn@7.0.0, which shows a vulnerability in Snyk. There's a fixed version available: acorn@7.1.1 is clean. Upstream, acorn-node@2.0.0 and acorn-node@2.0.1 are both on acorn@7.0.0. Would having me or someone else open a PR for acorn-node to use acorn@7.1.1, and then having static-module use that new acorn-node build, be the best course of action?

Successfully merging this pull request may close these issues.

Problem with IQ Server vulnerability : sonatype-2020-0067
Transform which ran with v1 not working with v3