Skip to content

Bump deps#56

Open
goto-bus-stop wants to merge 4 commits intomasterfrom
bump-deps
Open

Bump deps#56
goto-bus-stop wants to merge 4 commits intomasterfrom
bump-deps

Conversation

@goto-bus-stop
Copy link
Member

@goto-bus-stop goto-bus-stop commented Jun 15, 2020

just did a blanket npm update.
Should fix #55, because acorn-node 1.8 depends on acorn 7.
Finally closes #48, because this exposes the option added in browserify/static-eval#31.

@goto-bus-stop goto-bus-stop mentioned this pull request Jun 15, 2020
Open
@archmoj
Copy link

archmoj commented Jun 15, 2020

LGTM 💃

@archmoj archmoj mentioned this pull request Jun 15, 2020
Open
@Shadowninja33
Copy link

Shadowninja33 commented May 25, 2021
edited
Loading

Are there any updates on bumping the dependancies? This is currently a blocker on my team, similar to #55

@ggrimsley
Copy link

ggrimsley commented Mar 30, 2022
edited
Loading

Hi @goto-bus-stop, is there anything I can help with to have this PR moved forward?

Edit: I looked into acorn-node@1.8.2 and I see that it depends on acorn@7.0.0, which shows a vulnerability in Snyk. There's a fixed version available: acorn@7.1.1 is clean. Upstream, acorn-node@2.0.0 and acorn-node@2.0.1 are both on acorn@7.0.0. Would myself or someone else going and opening a PR for acorn-node to use acorn@7.1.1, and then having static-module use that new acorn-node build be the best course of action?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Problem with IQ Server vulnerability : sonatype-2020-0067 Transform which ran with v1 not working with v3

4 participants

@goto-bus-stop @archmoj @Shadowninja33 @ggrimsley