search

nuxt / content

The file-based CMS for your Nuxt application, powered by Markdown and Vue components.
https://content.nuxt.com
MIT License
3.08k stars 624 forks source link

Deprecated Dependency shiki-es@0.14.0 used #2507

Closed nicokempe closed 8 months ago

nicokempe commented 8 months ago

Environment

Context

I'm currently working on a Nuxt 3 project and have encountered a concern regarding dependencies. It appears that @nuxt/content version 2.10.0 relies on shiki-es@0.14.0, which has been marked as deprecated.

Describe the bug

Issue Description: While performing a dependency audit using pnpm why shiki-es, I discovered this deprecated dependency. Given the importance of maintaining up-to-date and secure dependencies, this raises concerns about future compatibility and potential security issues.

Expected Behavior: Ideally, @nuxt/content should use up-to-date, actively maintained dependencies to ensure the stability and security of projects that depend on it.

Steps to Reproduce:

  1. In a Nuxt 3 project, add @nuxt/content version 2.10.0.
  2. Run pnpm why shiki-es to see the dependency chain.

Is there a plan to update or replace this deprecated subdependency in an upcoming release of @nuxt/content? Any information or guidance on this would be greatly appreciated.

Additional context

Thank you for your attention to this matter and your continued work on @nuxt/content.

Logs

$ pnpm install
 WARN  2 deprecated subdependencies found: shiki-es@0.14.0, sourcemap-codec@1.4.8
Packages: +1144

$ pnpm why shiki-es
Legend: production dependency, optional only, dev only

website@v2024.1.1-dev C:\Users\nicokempe\Documents\WorkSpace\GitHub\myorga\myrepo

dependencies:
@nuxt/content 2.10.0
└── shiki-es 0.14.0
nobkd commented 8 months ago

Refer to #2495

nicokempe commented 8 months ago

Havent seen that one, I will close this issue as duplicate Thank you

yangjindong commented 8 months ago

Although the main branch has updated, but in the latest tag: 2.10.0, there's still using shiki-es.