Npm audit fix. #47

Open

stepan-perlov

Change relative-deps import system from commonjs to esm.
It was needed because globby version 9 has 5 high vulnerabilities.
Globby at its latest version, 12, is a pure esm package.
That means it can be used only in an esm package.

Collaborator

@elektronik2k5 elektronik2k5 left a comment

That's a seriously breaking change, mandating a new semver major and documentation.
Personally, I'm ok with that cause I don't believe in long term support of old and deprecated versions of software - but others may disagree.

I also suggest enforcing the minimum required node version via package.json's engines.node field.

@stepan-perlov
Author

> That's a seriously breaking change, mandating a new semver major and documentation.

I am ok with adding documentation about this.
Maybe we need to create another branch for the new version and publish an alpha?
Maybe we need to add tests?
I am open to all comments and criticism. )
I need this utility without vulnerabilities.

> but others may disagree.

Yes, we need to discuss whether https://github.com/mweststrate/relative-deps can approve these changes.
@mweststrate - what do you think?

> I also suggest enforcing the minimum required node version via package.json's engines.node field.

Yes, I set the minimum version to 13 - esm support was added there.
https://github.com/mweststrate/relative-deps/pull/47/files#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519R42

The Node version can be decreased - esm works behind a feature flag in node < 13.
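
An added example, not part of the pull request or the thread: npm treats `engines.node` as advisory and only warns on a mismatch unless `engine-strict` is enabled, so an ESM-only tool can also check the declared minimum at start-up. The manifest and all function names below are constructed for illustration, and only the `>=X.Y.Z` range form is handled.

```javascript
// Constructed sample manifest (assumption), not this PR's package.json.
const manifest = {
  name: "example-esm-cli",
  type: "module",
  engines: { node: ">=13" },
};

// Parse "v13.2.0", "13.2" or "13" into [major, minor, patch].
function parseVersion(text) {
  const m = /^v?(\d+)(?:\.(\d+))?(?:\.(\d+))?/.exec(String(text).trim());
  if (!m) throw new Error(`unparseable version: ${text}`);
  return [m[1], m[2], m[3]].map((p) => Number(p || 0));
}

// Return the minimum version from a ">=" range, or null if the field is absent.
function minimumFromEngines(pkg) {
  const range = pkg.engines && pkg.engines.node;
  if (!range) return null;
  const m = /^\s*>=\s*(.+)$/.exec(range);
  if (!m) throw new Error(`unsupported engines.node range: ${range}`);
  return parseVersion(m[1]);
}

// Compare numerically per component; a string compare would rank "9" above "13".
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Decide whether the running Node satisfies the manifest's declared minimum.
function checkEngine(pkg, running = process.version) {
  const min = minimumFromEngines(pkg);
  if (min === null) return { ok: true, reason: "no engines.node declared" };
  const ok = compareVersions(parseVersion(running), min) >= 0;
  const reason = ok
    ? "satisfied"
    : `Node ${running} is below required ${min.join(".")}`;
  return { ok, reason };
}

// Refuse to run on an unsupported runtime.
const result = checkEngine(manifest);
if (!result.ok) {
  console.error(result.reason);
  process.exitCode = 1;
}
```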

@stepan-perlov
Author

@elektronik2k5
thank you for the fast response )
