Request: Update hogan.js dependency to maintained fork

[jroytman]

Hello,

I noticed that diff2html currently depends on [email protected], which has not been updated in over a decade and pulls in a deprecated version of mkdirp. This results in persistent deprecation warnings for downstream projects, and since we’re publishing our own package that depends on diff2html, these warnings surface for our customers as well.

There are community-maintained forks of hogan.js that address this issue. For example, one recent fork replaces mkdirp with native Node.js calls (https://github.com/disastrous-charly/hogan.js).

Would you be open to switching diff2html to depend on a maintained fork of hogan.js, or accepting a PR that updates this dependency? This would help clean up warnings and improve security hygiene for downstream users. Thanks for your work on this project, and please let me know your thoughts.

[rtfpessoa]

Thanks for the heads up. I will tried to remove it before, but I could not find a better alternative at the time. When I have some time I will try to clean this. In the meanwhile if you have time please send a PR and I can approve faster

[jroytman]

Hi, I made a pull request.