
one-app-bundler has dependency on old version of glob-parent

Open smackfu opened this issue 1 year ago • 4 comments

🐞 Bug Report

Describe the bug

@americanexpress/one-app-bundler is dependent on [email protected] which is six years old and has security vulnerabilities.

To Reproduce

Run npm ls glob-parent from a repo using one-app-bundler.

│ └─┬ [email protected]
│   └─┬ [email protected]
│     └─┬ [email protected]
│       └─┬ [email protected]
│         └── [email protected]

Expected behavior

The package should be dependent on more recent versions of dependencies, especially for non-dev deps.

smackfu avatar May 15 '23 16:05 smackfu

This is probably not fixable without upgrading to webpack 5.

webpack@4 depends on watchpack@1. Current version of watchpack is v2, which doesn't even have a chokidar dependency anymore.

smackfu avatar May 15 '23 17:05 smackfu
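
An added example (not part of the issue thread or of the one-app-cli project): the `npm ls glob-parent` check and the webpack, watchpack, chokidar explanation above, reproduced offline by walking a lockfile's `packages` map the way Node resolves nested `node_modules`. The lockfile contents, the `my-app` name, every version number and the helper names are constructed for illustration, and the chain shape is assumed from the comment about webpack and watchpack.

```javascript
// Constructed sample in the lockfileVersion 2/3 "packages" layout.
// Every version here is a placeholder, not a version from the issue.
const sampleLock = {
  packages: {
    '': { name: 'my-app', version: '1.0.0',
      dependencies: { '@americanexpress/one-app-bundler': '*', 'glob-parent': '*' } },
    'node_modules/@americanexpress/one-app-bundler': { version: '0.0.1', dependencies: { webpack: '*' } },
    'node_modules/webpack': { version: '0.0.1', dependencies: { watchpack: '*' } },
    'node_modules/watchpack': { version: '0.0.1', dependencies: { chokidar: '*' } },
    'node_modules/chokidar': { version: '0.0.1', dependencies: { 'glob-parent': '*' } },
    'node_modules/chokidar/node_modules/glob-parent': { version: '0.0.1' }, // nested old copy
    'node_modules/glob-parent': { version: '0.0.2' }, // hoisted newer copy
  },
};

const PREFIX = 'node_modules/';
const nameOf = (p) => p.slice(p.lastIndexOf(PREFIX) + PREFIX.length);

// Node-style lookup: the dependent's own node_modules first, then each parent up to the root.
function resolve(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? `${base}/` : '') + PREFIX + name;
    if (packages[candidate]) return candidate;
    if (!base) return null; // not installed, e.g. a skipped optional dependency
    const cut = base.lastIndexOf(`/${PREFIX}`);
    base = cut === -1 ? '' : base.slice(0, cut);
  }
}

// Return every chain from the root project down to an installed copy of `target`.
function findChains(lock, target) {
  const { packages } = lock;
  const chains = [];
  const label = (p) => `${p ? nameOf(p) : packages[''].name}@${packages[p].version}`;
  const visit = (path, trail) => {
    if (trail.includes(path)) return; // dependency cycle
    const here = [...trail, path];
    if (path && nameOf(path) === target) { chains.push(here.map(label)); return; }
    const pkg = packages[path];
    const deps = { ...pkg.dependencies, ...pkg.optionalDependencies,
      ...(path === '' ? pkg.devDependencies : {}) }; // dev deps count only at the root
    for (const dep of Object.keys(deps)) {
      const next = resolve(packages, path, dep);
      if (next) visit(next, here);
    }
  };
  visit('', []);
  return chains;
}

for (const chain of findChains(sampleLock, 'glob-parent')) console.log(chain.join(' > '));
```

The sample deliberately contains two copies of the package: a direct dependency on a newer version does not replace the older copy nested under chokidar, so the transitive chain still has to be fixed at its source.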

This issue is stale because it has been open 30 days with no activity.

github-actions[bot] avatar Jun 15 '23 00:06 github-actions[bot]

should be fixed by https://github.com/americanexpress/one-app-cli/pull/568

JAdshead avatar Dec 08 '23 17:12 JAdshead

This issue is stale because it has been open 30 days with no activity.

github-actions[bot] avatar Jan 08 '24 00:01 github-actions[bot]