Open jaydenseric opened 2 months ago
It's also an anti-pattern to use `~` instead of `^` for the version range.
Also, http-errors 2.0.0 bumps dependency for legacy depd 1.1.2 which raises security warnings due to `eval`:
```
(!) Use of eval is strongly discouraged
https://rollupjs.org/troubleshooting/#avoiding-eval
../../node_modules/.pnpm/depd@1.1.2/node_modules/depd/index.js
408:
409: // eslint-disable-next-line no-eval
410: var deprecatedfn = eval('(function (' + args + ') {\n' +
^
411: '"use strict"\n' +
412: 'log.call(deprecate, message, site)\n' +
```
The dependency `http-errors` is a major version out of date: https://github.com/jshttp/http-assert/blob/b072a1b903d055a7d40dbd7a54cd74e517b56e52/package.json#L13

This is causing problems with multiple versions of HTTP errors floating around codebases, where some are not `instanceof` each version's HTTP error class.
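
The `instanceof` mismatch described above, as an added example that is not part of the original issue or of any jshttp project's code. `loadHttpErrorsCopy`, `statusViaInstanceof`, `looksLikeHttpError` and `statusViaShape` are hypothetical names, the two "copies" are a constructed simulation of two installed versions of an HTTP error package, and the `status`/`statusCode`/`expose` shape is an assumption about what such errors carry.

```javascript
// Constructed simulation: each call stands in for one installed copy of an
// HTTP error package (for example two versions resolved into node_modules).
function loadHttpErrorsCopy(version) {
  class HttpError extends Error {
    constructor(status, message) {
      super(message);
      this.name = 'HttpError';
      this.status = status;
      this.statusCode = status;
      this.expose = status < 500; // assumed: only 4xx messages are client-safe
    }
  }
  return { version, HttpError, createError: (s, m) => new HttpError(s, m) };
}

const copyA = loadHttpErrorsCopy('1.x'); // hypothetical: copy pulled in by a dependency
const copyB = loadHttpErrorsCopy('2.x'); // hypothetical: copy the application imports

// Handler that trusts instanceof against the application's own copy.
// An error created by the other copy falls through to a generic 500.
function statusViaInstanceof(err) {
  return err instanceof copyB.HttpError ? err.status : 500;
}

// Version-independent check: inspect the error's shape, not its class.
function looksLikeHttpError(err) {
  return err instanceof Error &&
    Number.isInteger(err.status) &&
    err.status === err.statusCode &&
    err.status >= 400 && err.status < 600;
}

function statusViaShape(err) {
  return looksLikeHttpError(err) ? err.status : 500;
}

// A 404 raised through the dependency's copy of the error class.
const thrownByDependency = copyA.createError(404, 'Not Found');

console.log(statusViaInstanceof(thrownByDependency)); // misclassified
console.log(statusViaShape(thrownByDependency));      // classified by shape
```

A shape check accepts any `Error` carrying those properties, so it suits status mapping rather than trust decisions; deduplicating the package to a single installed version removes the mismatch at its source.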