fix(deps): update dependencies to solve high vulnerabilities#1242
fix(deps): update dependencies to solve high vulnerabilities#1242TakahashiNguyen wants to merge 23 commits intonest-modules:mainfrom
Conversation
TakahashiNguyen
changed the title
|
Any chance this will actually get reviewed and merged in? |
|
Hello @AnhNg6262 , thanks for your PR. Do you know if this PR will be merged soon? Thanks |
|
Any update on this PR? |
|
@juandav Can you please have a look at this huge securiry problem |
|
Looks like the project is basically dead. @juandav is active on GH but 0 replies in this repo, it looks like. It's very unprofessional to abandon stuff completely like this, without even merging in security vulnerability fixes. At least pass it to someone interested, please. |
|
The module keeps having +200k downloads a week and new vulnerabilities are spotted. |
|
@juandav - thank you for your library and the efforts so far! But any chance to at least reply if this will ever actually be considered to get merged? Or we should start looking for an alternative library / fork this one? |
|
@juandav any date for merge of this pr please ? |
|
Hello @eduardoleal @cdiaz @juandav @kitimark Please have a look at this PR Thank you |
|
Yes please, accept the pr :) |
- fix(service): use logger.log instead of debug for transporter ready message (#1239, #1248, #1249) - fix(service): reuse createTransporter in addTransporter for consistent verification and hooks (#1234) - fix(liquid): initialize config with default empty object to prevent TypeError (#1232) - fix(mjml): add optional chaining for others param to prevent crash when undefined - fix(deps): add peerDependenciesMeta to mark template engines as optional (#1238, #1244) - fix(deps): move tslib from devDependencies to dependencies for PnP runtime support (#1230) - chore(deps): update devDependencies to latest compatible versions (#1242, #1250) - docs: add Liquid adapter examples, MJML clarifications, multi-transporter docs (#1246) - docs: add pnpm installation instructions and liquidjs to README Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- fix(service): use logger.log instead of debug for transporter ready message (#1239, #1248, #1249) - fix(service): reuse createTransporter in addTransporter for consistent verification and hooks (#1234) - fix(liquid): initialize config with default empty object to prevent TypeError (#1232) - fix(mjml): add optional chaining for others param to prevent crash when undefined - fix(deps): add peerDependenciesMeta to mark template engines as optional (#1238, #1244) - fix(deps): move tslib from devDependencies to dependencies for PnP runtime support (#1230) - chore(deps): update devDependencies to latest compatible versions (#1242, #1250) - docs: add Liquid adapter examples, MJML clarifications, multi-transporter docs (#1246) - docs: add pnpm installation instructions and liquidjs to README Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
|
Superseded by branch |
|
Closing as superseded — all dependency updates are included in the comprehensive fix branch. |
11 participants
This PR hopefully fixes an issue where install the package gives project 32 high vulnerabilities.