search

mjmlio / mjml2json

A package to convert a MJML template from XML syntax to JSON
22 stars 16 forks source link

Bump MJML dependency version #13

Open arokanto opened 4 years ago

arokanto commented 4 years ago

This package still relies on mjml version ^3.2.2. When installing you get the following warnings:

warning mjml2json > mjml > mjml-cli > chokidar@1.7.0: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
warning mjml2json > mjml > mjml-cli > chokidar > fsevents@1.2.13: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
warning mjml2json > mjml > mjml-button > react > fbjs > core-js@1.2.7: core-js@<3 is no longer maintained and not recommended for usage due to the number of issues. Please, upgrade your dependencies to the actual version of core-js@3.

Maybe the mjml dependency should be bumped to something on the 4.x line.

arokanto commented 3 years ago

Any news on this? mjmj 3.2 has 279 low-severity vulnerabilities. All of them are because of outdated versions of node-fetch and ini, which are required by transitive dependencies of mjml 3.2.

Do you have plans to update this module to require mjml 4? For me mjml2json is still a useful module.

stianjensen commented 2 years ago

I tried looking at this, but there are quite a few breaking changes and not all seem to be documented, so it requires some work looking into the internals of mjml: https://github.com/mjmlio/mjml2json/pull/25

istr commented 9 months ago

I provided #29 that works and replaces #25.