Open papandreou opened 6 years ago
@papandreou: these are fixed upstream. Can you update the packages and release a new version?
BTW please don't lock down the versions. If a patch release is made, you need to release a new version yourself too, which is bad. Just use a semver operator that fits your needs.
Thanks for the heads up! I've been through all of them now, released new versions of the wrappers I maintain, and updated assetgraph-builder to them.
There are still some dependencies on the old versions via the express-processimage dependency. I expect that to be sorted out shortly.
Thanks! I think you missed a few deps from adding a semver operator like assetgraph.
Waiting for the express-processimage fixes :)
I think you missed a few deps from adding a semver operator like assetgraph.
Yeah, that is intentional. The two projects are intimately connected, and whenever we make radical changes to assetgraph (such as replacing the JavaScript parser in yesterday's minor release), there's often breakage in the assetgraph-builder test suite. It's stuff that doesn't matter externally (or we'd make a major version bump), but I've come to prefer to do the updates in a handheld way.
Waiting for the express-processimage fixes :)
It seems like the project is in a bit of a bad state due to some recent changes to streams in node 10, but we'll get it sorted out.
Sorted out the express-processimage situation now and released 6.9.1. We're down only low and moderate ones now:
found 12 vulnerabilities (6 low, 6 moderate)
Getting a clean sheet from npm audit is presently blocked by: bin-wrapper@^3.0.0, which triggers https://nodesecurity.io/advisories/598