John-David Dalton

Results 394 comments of John-David Dalton

The `lodash.template` package is now deprecated.

Love this approach. A large chunk of `src/membrane.ts` can be removed too: https://github.com/salesforce/near-membrane/blob/v0.13.12/packages/near-membrane-base/src/membrane.ts#L1686-L1994

I'm okay with version numbers. If you're more security focused I'm sure you are running a build or compile step and can change and modify things at will.

YES YES YES! @TheJaredWilcurt up for creating a PR?

The existing published is indeed MIT (@prabhu thank you for spotting that). In this case we are more interested in the repository as the source of truth. For example assume...

I think the difference is app/project level vs. third party dependency. In the root of a repo the app/project doesn't need to use the registry to get info as it...

This has now landed in [the CVE database](https://nvd.nist.gov/vuln/detail/CVE-2024-50611) and is being reported by GitHub's security tab:

> ![Image](https://github.com/user-attachments/assets/73565bc7-512f-427c-9882-8d2c66cf712f)

@Jessegerard Depending on the context specifying `__proto__` may be what the user intended. I try to only block property path access if the behavior is unintentional.

I'll throw my hat into the "doesn't work" ring. I've noticed errors when shipping packages with overrides that use "file:".

> ERR_PNPM_LINKED_PKG_DIR_NOT_FOUND Could not install from "/path/to/socketregistry/packages/manual/assert/overrides/call-bind" as it does...

@sosukesuzuki Just a heads up, the `parse` APIs [are being deprecated](https://github.com/swc-project/swc/issues/1392#issuecomment-903214059). But [I've asked](https://github.com/swc-project/swc/pull/1893#issuecomment-903359692) if there'll be a way to support this scenario in the future as I've seen some...