Azure / autorest.go

Extension for AutoRest (https://github.com/Azure/autorest) that generates Go code
MIT License

node scripts contain security vulnerabilities #562

Open tombuildsstuff opened 3 years ago

tombuildsstuff commented 3 years ago

Trying to install the node packages, I noticed: 14 vulnerabilities (4 low, 1 moderate, 9 high) - which also requires an outdated version of Node.js, NPM and Gulp.

Since these are security vulnerabilities - and this is the production code generator - is there a plan to fix these?

chamons commented 3 years ago

Sorry for the delay in response.

What branch are you looking at? master?

Most of the more recent work has been in the track2 branch.

I believe we're mostly picking this up from the version of autorest core we're depending on.

tombuildsstuff commented 3 years ago

This is in the master branch. Whilst I understand work is progressing with Track2, it feels like the production generator should be kept up to date in the interim?

jhendrixMSFT commented 6 months ago

Per rush-pnpm audit there is now only one dependency with a high rating, coming from autorest.gotest. The remaining moderate dependencies are related to the autorest test server which isn't part of the code generator.

@tadelesh can you please take a look at the dependencies for autorest.gotest? The underlying dependency is coming from @autorest/testmodeler.

tadelesh commented 6 months ago

@raych1 do you know who could help to solve the dependencies for testmodeler?