Open mohamedmansour opened 3 months ago
@bazel/concatjs
is not maintained anymore so a publish from the latest commit on the 5.x is not likely to happen unless new maintainers step up for rules_nodejs 5.x.
My recommendation is to upgrade to rules_js and rules_ts and use js_run_devserver
for your devserver if possible. What project are you working on where you are still using @bazel/concatjs
?
Hi @gregmagolan I am using https://github.com/google/tsec which finds possible XSS issues in code.
Hi @gregmagolan I am using https://github.com/google/tsec which finds possible XSS issues in code.
Sorry. I meant which project is using @bazel/concatjs
and if you can upgrade to rules_js & rules_ts there instead of using @bazel/concatjs
which is no longer maintained.
What happened?
We are using the tsec package which has (
pnpm ls --depth=3
):And the only one published package for
@bazel/concatjs
is 5.8.1, but the one in the source code is 5.8.2 (not published) which doesn't have the protobufjs vulnerability. Can we publish the 5.8.2 ?Version
Linux, pnpm v9.1.1, @bazel/concatjs v5.8.1
How to reproduce
Any other information?
No response