Closed nmccready closed 2 years ago
I'm not willing to support v10, but I'm willing to merge fixes for critical security issues for v11 (last pre-ESM version).
For some libraries it's not worth the extra effort at this point to force an update of 100% ES modules.
Being able to update dependencies is a good reason.
Will do, 11 sounds great, thank you!
@sindresorhus I have a PR ready to be submitted but I need a target branch of 11.X or similar on this repo.
That is not a critical security issue. It's marked as medium (and in reality it's low).
I recommend reading https://overreacted.io/npm-audit-broken-by-design/
While I agree with all of these sentiments, and I have read about npm audit already, this is being flagged by higher-level auditing systems at the corporate level like WhiteSource.
From a company's standpoint it has to be fixed.
Sindre, would you consider supporting a 10.X branch to deal with security updates? I would happily submit PRs for them to be published by the original fork. For some libraries it's not worth the extra effort at this point to force an update of 100% ES modules.