Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump deps #56

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Bump deps #56

wants to merge 4 commits into from

Conversation

goto-bus-stop
Copy link
Member

just did a blanket npm update.
Should fix #55, because acorn-node 1.8 depends on acorn 7.
Finally closes #48, because this exposes the option added in browserify/static-eval#31.

@archmoj
Copy link

archmoj commented Jun 15, 2020

LGTM 💃

@Shadowninja33
Copy link

Shadowninja33 commented May 25, 2021

Are there any updates on bumping the dependancies? This is currently a blocker on my team, similar to #55

@ggrimsley
Copy link

ggrimsley commented Mar 30, 2022

Hi @goto-bus-stop, is there anything I can help with to have this PR moved forward?

Edit: I looked into acorn-node@1.8.2 and I see that it depends on acorn@7.0.0, which shows a vulnerability in Snyk. There's a fixed version available: acorn@7.1.1 is clean. Upstream, acorn-node@2.0.0 and acorn-node@2.0.1 are both on acorn@7.0.0. Would myself or someone else going and opening a PR for acorn-node to use acorn@7.1.1, and then having static-module use that new acorn-node build be the best course of action?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Problem with IQ Server vulnerability : sonatype-2020-0067 Transform which ran with v1 not working with v3
4 participants