swagger-test-templates

Replace unmaintained dependencies

Open: DeeDeeG opened this issue 4 years ago • 1 comment

Hi,

string and optimist are unmaintained. They also have vulnerability reports against them (or their own dependencies; optimist depends on an old version of minimist that is vulnerable).

Suggested replacements...

  • string -->
  • optimist -->
    • Wait for updated handlebars 4.x release: https://github.com/wycats/handlebars.js/pull/1662

DeeDeeG, Mar 27 '20 16:03

As far as I can tell string is only needed for the string.truncate function...

https://github.com/apigee-127/swagger-test-templates/blob/24a109434cefd020d45f37d9a05058bc564f2a52/lib/helpers.js#L4

https://github.com/apigee-127/swagger-test-templates/blob/24a109434cefd020d45f37d9a05058bc564f2a52/lib/helpers.js#L190

Could be replaced by .truncate from the underscore.string project? Or the truncate project (though the truncate project appears to round up from the cutoff length, whereas string's truncation appears to round down).


~~And apparently yargs is very similar to optimist... See this PR in another repo for an example of how to switch from optimist to yargs. https://github.com/wycats/handlebars.js/pull/1662/files~~

Suddenly realized optimist is an indirect dependency (of handlebars). So this is waiting on https://github.com/wycats/handlebars.js/pull/1662.

DeeDeeG, Mar 27 '20 17:03
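The thread turns on whether a flagged package is a direct dependency or arrives through another package, as optimist does through handlebars. The following is an added example, not code from the issue or from swagger-test-templates: it traces every chain from a project's direct dependencies to a named package. It assumes a flat (fully hoisted) lockfile in the `package-lock.json` version 1 shape; `sampleLock`, `sampleDirect` and all version strings are constructed placeholders, and `dependencyPaths` and `classify` are hypothetical helper names.

```javascript
// Constructed sample: only the edges named in the thread are modelled
// (handlebars -> optimist -> minimist, plus the direct dependency string).
const sampleLock = {
  name: 'swagger-test-templates',
  dependencies: {
    handlebars: { version: '0.0.0-sample', requires: { optimist: '*' } },
    optimist: { version: '0.0.0-sample', requires: { minimist: '*' } },
    minimist: { version: '0.0.0-sample' },
    string: { version: '0.0.0-sample' },
  },
};
// Constructed stand-in for the keys of package.json "dependencies".
const sampleDirect = ['handlebars', 'string'];

// Return every chain [direct, ..., target] by following "requires" edges.
// Assumes a flat lockfile: nested per-package "dependencies" are not resolved.
function dependencyPaths(lock, directDeps, target) {
  const packages = lock.dependencies || {};
  const paths = [];
  const walk = (name, trail) => {
    if (trail.includes(name)) return; // cycle guard
    const next = [...trail, name];
    if (name === target) {
      paths.push(next);
      return;
    }
    const entry = packages[name];
    if (!entry) return; // listed in "requires" but absent from the lockfile
    for (const child of Object.keys(entry.requires || {})) walk(child, next);
  };
  for (const dep of directDeps) walk(dep, []);
  return paths;
}

// Summarise who has to act: a direct dependency can be swapped in this
// repository, a transitive one needs a fixed release of the first hop.
function classify(lock, directDeps, target) {
  const paths = dependencyPaths(lock, directDeps, target);
  const direct = paths.some((p) => p.length === 1);
  const via = [...new Set(paths.filter((p) => p.length > 1).map((p) => p[0]))];
  return { target, present: paths.length > 0, direct, via };
}

for (const name of ['string', 'optimist', 'minimist']) {
  console.log(JSON.stringify(classify(sampleLock, sampleDirect, name)));
}
```

On a real checkout, `npm ls <package>` prints the same chains from the installed tree.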