
Update pug from 2.0.0-beta11 to 2.0.3 to fix vulnerability

Open alevis opened this issue 6 years ago • 5 comments

alevis avatar May 29 '19 00:05 alevis

@codingthat thanks for the reply!

alevis avatar May 01 '20 05:05 alevis

I was about to ask why closed, but see you reopened. I guess you just pressed the wrong button as they are right next to each other 🤣

dougwilson avatar May 01 '20 05:05 dougwilson

It's failing on only the oldest Node.js versions. Does generator itself need to support those? (I mean...I can't imagine doing a greenfield project on an unsupported version.)

codingthat avatar May 01 '20 07:05 codingthat

I've seen some projects cap their dependencies in cases like this. If that seems sensible, it could just be a matter of saying, "Want to use generator with Node.js 0.10? You need to go back to the last known release that worked with it (express-generator X.Y.Z)" in the readme, and then pruning the CI requirements a bit.

codingthat avatar May 01 '20 07:05 codingthat

+1 for fixing this. In the meantime, npm audit fix is a workaround.

mraible avatar May 20 '20 16:05 mraible