Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update dependencies. Update buffer usage. #59

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

Hexagon
Copy link

@Hexagon Hexagon commented Dec 18, 2021

  • NPM throws evil warnings when trying to install this, due to extremely old version of mocha (affects only dev/test)
11 vulnerabilities (1 moderate, 6 high, 4 critical)
  • Node outputs warnings at runtime, due to deprecated usage of new Buffer() (affects production)
(node:8560) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
(Use `node --trace-deprecation ...` to show where the warning was created)

Both this issues are addressed in this pull request. Please review and accept to keep the package up to date.

@Hexagon Hexagon mentioned this pull request Dec 18, 2021
@Hexagon
Copy link
Author

Hexagon commented Mar 19, 2022

Bump @guyht

@guyht
Copy link
Owner

guyht commented Mar 19, 2022

@Hexagon i will take a look at this next week - there are a number of changes here so may take me a bit of time to go through them all.

@Hexagon
Copy link
Author

Hexagon commented Mar 19, 2022

Great 👍

@NachtRitter
Copy link

@guyht any news?

@guyht
Copy link
Owner

guyht commented May 5, 2022

@NachtRitter I have been reviewing this slowly, the warnings do not appear to be critical, and there are a number of changes in this pull request that are doing more than just updating dependencies.

It would be easier if this issue was just dealing with the buffer usage, and other changes were put in a separate pull request.

@Hexagon
Copy link
Author

Hexagon commented Jul 6, 2023

@guyht If you want help releasing a new updated major version of this library - add me as a collaborator on both this repo and the npm package.

I can fix both esm+cjs dual mode, deno and bun support, and more tests 👍

@JoseCoque
Copy link

@guyht any news on this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants