Renée
i emailed snyk and they said they would revoke the CVE. i'm not sure how that works, so it might take a few days.
this package is very stable and the only maintenance effort is in dealing with bogus security warnings. idk why npm doesn't just allow you to silence warnings that are clearly...
Yes! I think I'll be working on this next as I'm already having to write more `.expect()`s changing some of our `From` impls to `TryFrom`, and it feels bad (and...
I believe this is obsolete now that apollo-compiler includes serialization support!
> Root Cause > static-module-3.0.4.tgz package/bench/input.js[5.5.0, 5.7.4) I'm n'ot sure if I'm reading this right but the `bench/input.js` file is only used as input for the tests and it is...
Regardless of anything, you probably aren't using static-module on untrusted input, so even if it's flagging code that is actually running it's still a false positive that you can ignore...
I appreciate the commitment but please don't open issues for every browserify package that uses xtend. This module is part of browserify so its appreach will be the same as...
https://github.com/unjs/ipx
This is also relevant for escape sequences: ```graphql "\u123 \u0008 \uZZZZ" ``` Now you get an error for the whole string, it would be better if we could point to...