search

daisy / ace

Ace by DAISY, an Accessibility Checker for EPUB
MIT License
75 stars 22 forks source link

epub-utils: xmldom-alpha is no longer maintained #330

Closed karfau closed 3 years ago

karfau commented 3 years ago

Hello, I just wanted to let you know that the package xmldom (which is from the same code base as xmldom-alpha this is being used in package.json) was not maintained for a while and that's why a new github organization took over maintainance under https://github.com/xmldom/xmldom .

While the new organization is publishing new versions to the xmldom package, there are no plans of maintaining the separate xmldom-alpha package.

The version you are using also contains a bug/regression that has been fixed and will soon be published as part of the v0.4.0 of the xmldom package.

I'm informing you about this, since this package is one of the last remaining dependents of xmldom-alpha.

danielweck commented 3 years ago

Thank you for taking the time to let us know.

You will be pleased to hear that we migrated away from xmldom-alpha several months ago, although the change was introduced in a Git branch dedicated to the "next" version of Ace, which is still tagged as "beta" on NPM (even though it is already deployed in the Ace App GUI).

master branch:

https://github.com/daisy/ace/blob/87947c93ccacb14f536482cfb109e75329d225df/packages/epub-utils/package.json#L25

=> version 1.1.1, NPM tag "latest":

https://www.npmjs.com/package/@daisy/ace/v/latest

ace-next branch:

https://github.com/daisy/ace/blob/a6fbed40476f4dfce49a563d0f9a8db7c28fa4ae/packages/epub-utils/package.json#L27

=> version 1.2.0-beta.12, NPM tag "next":

https://www.npmjs.com/package/@daisy/ace/v/next

master branch of Ace App:

https://github.com/daisy/ace-gui/blob/269cc559898b5c6695dc98f80612644d39bd36b9/package.json#L182

karfau commented 3 years ago

Glad to hear that. I would be fine to close this issue, but maybe you want to keep it open for transparency, so I'm leaving it as it is.

karfau commented 3 years ago

Just to let you know that all versions of xmldom-alpha (and xmldom < 0.5.0) suffer from the security issue fixed in xmldom@0.5.0.

We are not able to deprecate the xmldom-alpha package. Just wanted to let you know in case you want to either release an update for the old version or deprecate those old versions.

danielweck commented 3 years ago

Closing now, as fixed in Ace "next" https://github.com/daisy/ace/pull/314