pm2 icon indicating copy to clipboard operation
pm2 copied to clipboard

Published 20 hours ago verified publisher icon Unitech

chore: bump chalk from 3.0.0 to 4.1.2

Open khrj opened this issue 2 years ago • 5 comments

Q A
Bug fix? no
New feature? no
BC breaks? no
Deprecations? no
Tests pass? yes
Fixed tickets N/A
License MIT
Doc PR N/A

This PR updates chalk from 3.0.0 to 4.1.2. Chalk 3.0.0 uses the deprecated __proto__ API, which is also a security vulnerability. While the way its used in chalk does not create a security issue, some runtimes, such as Deno, do not implement it, which creates errors. This also creates problems when using the --disable-proto flag with node.

Chalk v4 has the following breaking changes:

  • It requires a minimum node version of 10. pm2 already mandates a node version of 12 or higher
  • It changes the Level typescript enum, which pm2 does not happen to use

khrj avatar Nov 24 '22 11:11 khrj

CLA assistant check
All committers have signed the CLA.

CLAassistant avatar Nov 24 '22 11:11 CLAassistant

But why do you bump chalk to 4.1.2 (July, 30 2021) and not to 5.1.2 (October, 12 2022)?

pubmikeb avatar Dec 06 '22 23:12 pubmikeb

Chalk V5 requires ESM -- I'm not too familiar with pm2's codebase, but from a glance it looks like it wouldn't work with it

khrj avatar Dec 07 '22 03:12 khrj

@Unitech This is blocking adoption through Deno. What has to be done for this to be pushed forward?

lino-levan avatar Dec 27 '23 17:12 lino-levan