static-module icon indicating copy to clipboard operation
static-module copied to clipboard

Published 20 hours ago verified publisher icon browserify

Bump deps

Open goto-bus-stop opened this issue 5 years ago • 3 comments
trafficstars

just did a blanket npm update. Should fix https://github.com/browserify/static-module/issues/55, because acorn-node 1.8 depends on acorn 7. Finally closes https://github.com/browserify/static-module/issues/48, because this exposes the option added in https://github.com/browserify/static-eval/pull/31.

goto-bus-stop avatar Jun 15 '20 10:06 goto-bus-stop

LGTM :dancer:

archmoj avatar Jun 15 '20 13:06 archmoj

Are there any updates on bumping the dependancies? This is currently a blocker on my team, similar to #55

Shadowninja33 avatar May 25 '21 16:05 Shadowninja33

Hi @goto-bus-stop, is there anything I can help with to have this PR moved forward?

Edit: I looked into [email protected] and I see that it depends on [email protected], which shows a vulnerability in Snyk. There's a fixed version available: [email protected] is clean. Upstream, [email protected] and [email protected] are both on [email protected]. Would myself or someone else going and opening a PR for acorn-node to use [email protected], and then having static-module use that new acorn-node build be the best course of action?

ggrimsley avatar Mar 30 '22 19:03 ggrimsley