Open sxzz opened 2 days ago
Is there a particular motivation? (e.g. a feature or fix you want from the release?)
There doesn't seem to be any benefit for tsx, but for the codebase, it means one less version of dependency to install 😜
the old esbuild version also has a critical go vuln: see this issue https://github.com/evanw/esbuild/issues/3802.
The response from the maintainer in that thread explains how that vulnerability report is a false alarm for esbuild.
(Am I missing something?)
Yes agreed it doesn't actually impact production applications but would be nice to not have to explicitly whitelist the vuln(since its critical) as it shows up on a lot of scanners.
This seems off topic now as it's a false problem coming from your scanner.
Please file an issue with your scanner instead. They should not be blindly flagging projects without auditing the scope of impact.
Hiding these comments as they're not practical motivations for upgrading.
Acknowledgements
Minimal reproduction URL
N/A
Problem & expected behavior (under 200 words)
esbuild v0.22 has been released with some breaking changes.
The new version no longer supports Windows 7/8. Should we upgrade now and release a major version?
Bugs are expected to be fixed by those affected by it
Compensating engineering work will speed up resolution and support the project