esm dependency vulnerability #8450

Closed
tholman opened this issue Jul 9, 2019 · 3 comments · Fixed by #8586

tholman commented Jul 9, 2019

Getting some GitHub alerts while using this lib due to `"esm": "~3.0.84",`

[Screenshot: Screen Shot 2019-07-09 at 4 34 33 PM]

Do you think you could give them a bump?

mourner (Member) commented Jul 9, 2019

Not at the moment, since newer versions completely break our setup. However, you can safely dismiss this warning because it doesn't affect users of GL JS in any way. esm is only used by contributors for running tests.

mourner added the needs investigation 🔍 and workflow 💅 labels Jul 9, 2019

woodhull commented Jul 9, 2019

In that case, could esm be moved to a dev dependency?

mourner (Member) commented Jul 10, 2019

Yes, we should probably do that. Previously it was moved for easier integration with mapbox-gl-native which reuses the GL JS shaders, but I think we can live with maintaining the same dependency there — it overweighs GitHub/NPM showing security warnings for projects using GL JS.
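
Why the alert reaches projects that merely use the library, and why moving `esm` to `devDependencies` clears it, shown as an added example that is not code from this repository. The manifests are constructed; `my-app`, `gl-lib`, `shader-utils`, `lint-tool` and `test-runner` are hypothetical names, and version resolution and optional/peer dependencies are ignored.

```javascript
// Added example: constructed manifests, not the project's real package.json.
// Only the "esm": "~3.0.84" range is taken from the issue above.

// Manifest of the hypothetical library, with esm declared under `esmField`.
function glLib(esmField) {
  const m = {
    dependencies: { 'shader-utils': '^1.0.0' },
    devDependencies: { 'test-runner': '^1.0.0' },
  };
  m[esmField].esm = '~3.0.84';
  return m;
}

function makeRegistry(esmField) {
  return {
    'my-app': {
      dependencies: { 'gl-lib': '^1.0.0' },
      devDependencies: { 'lint-tool': '^1.0.0' },
    },
    'gl-lib': glLib(esmField),
  };
}

// Packages that end up in the root project's install tree, with the path that
// pulled each one in. The root's own devDependencies are installed; a
// dependency's devDependencies never are.
function installSet(root, registry) {
  const installed = new Map();
  const queue = [[root, [root]]];
  while (queue.length) {
    const [name, path] = queue.shift();
    const manifest = registry[name];
    if (!manifest) continue; // leaf package with no manifest in the sample
    const deps = { ...manifest.dependencies };
    if (name === root) Object.assign(deps, manifest.devDependencies);
    for (const dep of Object.keys(deps)) {
      if (installed.has(dep)) continue;
      installed.set(dep, [...path, dep]);
      queue.push([dep, [...path, dep]]);
    }
  }
  return installed;
}

// Dependency path that brings `pkg` into the consumer's tree, or null.
function whyInstalled(root, registry, pkg) {
  const path = installSet(root, registry).get(pkg);
  return path ? path.join(' > ') : null;
}
```
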
