bigcommerce / stencil-cli

BigCommerce Stencil emulator for local theme development
https://developer.bigcommerce.com/stencil-docs
BSD 4-Clause "Original" or "Old" License
101 stars 141 forks

Current @hapi/hapi version is deprecated #715

Open felixpaq opened 3 years ago

felixpaq commented 3 years ago

When installing the stencil-cli we get warnings for package deprecations, and it looks like the version of the @hapi/hapi package used (18.4.1) has severe security issues: https://www.npmjs.com/package/@hapi/hapi/v/18.4.1 and they suggest upgrading to the latest version.

The company I work for is really intense on security and I'm afraid they'll notice this soon enough. Is there something we can do to update it? In all honesty (and laziness) I haven't tried running the CLI locally and bumping the version to see if it would work.

$ npm install -g @bigcommerce/stencil-cli
npm WARN deprecated @hapi/hapi@18.4.1: This version contains severe security issues and defects and should not be used! Please upgrade to the latest version of @hapi/hapi or consider a commercial license (https://github.com/hapijs/hapi/issues/4114)

ThinkByDesign commented 3 years ago

I'm just getting started with BigCommerce theme dev and have the same question.