devour-js / devour-client

Don't just consume your JSON API, Devour it...
https://www.npmjs.com/package/devour-client
ISC License
428 stars, 90 forks

Resolve babel vulnerability #262

Closed tijn closed 1 month ago

tijn commented 2 months ago

What Changed & Why

Dependabot reported a vulnerability in babel-traverse. This in itself is not an issue for this project, since we're not compiling code that's specifically crafted by an attacker with it. However, while looking at package-lock.json I found out that the reason for installing babel-traverse is istanbul. And that package has been deprecated. This PR replaces istanbul with nyc.

Bug/Ticket Tracker

https://github.com/devour-js/devour-client/security/dependabot/26

Documentation

https://www.npmjs.com/package/istanbul

Third-Party

nyc - it was recommended by the author of istanbul as its replacement. It also has a permissive ISC license, functionally equivalent to the simplified BSD and MIT licenses.
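The reasoning in the PR description (a vulnerable package that is only reachable through a deprecated devDependency) is the kind of thing you want to be able to verify rather than eyeball in package-lock.json. The script below is an added example, not part of devour-client or of this PR: it walks a lockfile v2/v3 `packages` map using npm's node_modules lookup rule and reports every chain from the root to a target package, tagged by whether it entered through `dependencies` or `devDependencies`. The lockfile in the block is constructed for the example; the package names are real, but the versions and dependency edges are illustrative and not taken from the project's actual lockfile.

```javascript
// Added example (not devour-client's code): trace why a package is present in an
// npm lockfile (v2/v3 "packages" format) and whether it is reachable only through
// devDependencies. LOCK is constructed for this example; versions and edges are
// illustrative, not copied from the real package-lock.json.

const LOCK = {
  name: 'devour-client',
  lockfileVersion: 3,
  packages: {
    '': {
      name: 'devour-client',
      dependencies: { axios: '^1.0.0' },
      devDependencies: { istanbul: '^0.4.5', mocha: '^10.0.0' },
    },
    'node_modules/axios': { version: '1.6.0', dependencies: { 'follow-redirects': '^1.15.0' } },
    'node_modules/follow-redirects': { version: '1.15.3' },
    'node_modules/istanbul': {
      version: '0.4.5', dev: true,
      dependencies: { 'babel-traverse': '^6.0.0', debug: '^2.6.0' },
    },
    // istanbul's debug is nested because a different major is hoisted for mocha
    'node_modules/istanbul/node_modules/debug': { version: '2.6.9', dev: true },
    'node_modules/babel-traverse': { version: '6.26.0', dev: true },
    'node_modules/mocha': { version: '10.2.0', dev: true, dependencies: { debug: '^4.3.0' } },
    'node_modules/debug': { version: '4.3.4', dev: true },
  },
};

// Node resolution for a dependency declared by the package at `fromPath`:
// look in the requester's own node_modules, then walk up one node_modules
// level at a time to the tree root. Returns the lockfile key or null.
function resolveDep(packages, fromPath, depName) {
  let base = fromPath;
  for (;;) {
    const candidate = base ? `${base}/node_modules/${depName}` : `node_modules/${depName}`;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const idx = base.lastIndexOf('/node_modules/');
    base = idx === -1 ? '' : base.slice(0, idx);
  }
}

// Package name from a lockfile key; handles nesting and scoped packages.
function nameOf(key) {
  const marker = 'node_modules/';
  return key.slice(key.lastIndexOf(marker) + marker.length);
}

// All dependency chains from the root to `target`. Each chain starts with
// '(prod)' or '(dev)' depending on which root section it entered through.
function whyInstalled(lock, target) {
  const pkgs = lock.packages;
  const chains = [];

  function walk(fromPath, depName, chain, visited) {
    const key = resolveDep(pkgs, fromPath, depName);
    if (!key || visited.has(key)) return; // unresolved, or a cycle on this chain
    const name = nameOf(key);
    const next = [...chain, `${name}@${pkgs[key].version}`];
    if (name === target) { chains.push(next); return; }
    const seen = new Set(visited).add(key);
    for (const dep of Object.keys(pkgs[key].dependencies || {})) walk(key, dep, next, seen);
  }

  const root = pkgs[''];
  for (const dep of Object.keys(root.dependencies || {})) walk('', dep, ['(prod)'], new Set());
  for (const dep of Object.keys(root.devDependencies || {})) walk('', dep, ['(dev)'], new Set());
  return chains;
}

// True only when the package is installed and every chain to it is dev-only,
// i.e. it never ships in the production dependency tree.
function isDevOnly(lock, target) {
  const chains = whyInstalled(lock, target);
  return chains.length > 0 && chains.every((c) => c[0] === '(dev)');
}

if (typeof require !== 'undefined' && require.main === module) {
  for (const pkg of ['babel-traverse', 'debug', 'follow-redirects']) {
    console.log(pkg, isDevOnly(LOCK, pkg) ? '(dev only)' : '(reaches prod)');
    for (const chain of whyInstalled(LOCK, pkg)) console.log('  ' + chain.join(' > '));
  }
}
```

Against a real install, `npm ls <pkg>` (or `npm explain <pkg>` on npm 7+) gives the same chains, and `npm audit --omit=dev` answers the narrower question of whether an advisory touches what you ship. The per-chain `visited` set is what keeps the walk terminating on cyclic dependency graphs without hiding a second, independent route to the same package.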

auvipy commented 2 months ago

Is everything working like before? Do we need to adjust / update tests etc?

tijn commented 2 months ago

> Is everything working like before? Do we need to adjust / update tests etc?

@auvipy I looked for it but it seems there was no code directly calling istanbul. As far as I can see it just provided an executable that you can run to gather information about the code, and nyc (allegedly) does the same.

tijn commented 1 month ago

@auvipy shall I merge this pull request?