Open vinczemarton opened 2 years ago
I've run into the same issue. It seems that segmentio-facade
has been renamed to @segment/facade
. The newest release of that new name has removed the dependency on is-email
.
This diff should fix the security vulnerability
diff --git a/package.json b/package.json
index f72842c..9068476 100644
--- a/package.json
+++ b/package.json
@@ -37,6 +37,7 @@
"@ndhoule/pick": "^2.0.0",
"@segment/canonical": "^1.0.0",
"@segment/cookie": "^1.1.5",
+ "@segment/facade": "^3.4.0",
"@segment/is-meta": "^1.0.0",
"@segment/isodate": "^1.0.2",
"@segment/isodate-traverse": "^1.0.1",
@@ -57,7 +58,6 @@
"new-date": "^1.0.0",
"next-tick": "^0.2.2",
"package-json-versionify": "^1.0.4",
- "segmentio-facade": "^3.2.7",
"spark-md5": "^2.0.2",
"uuid": "^3.4.0"
},
but some changes to the actual codebase will be required.
^^^ PR opened with those changes.
Hi all, any updates on this?
I have
"@segment/analytics.js-core": "4.1.11",
installed.When running
npm audit
I get the following error:I understand that there is a fix for is-email, but since
segmentio-facade
depends on the exact version 0.1.0 I'm not sure if it is compatible.Can you update the dependencies for segmentio-facade and @segment/analytics.js-core that they don't use is-email 0.1.0?