Indirect Dependency on Deprecated sourcemap-codec@1.4.8 in nuxt-security #342

Closed
nicokempe opened this issue Jan 16, 2024 · 3 comments · Fixed by #347
Labels: bug (Something isn't working), dependencies (Pull requests that update a dependency file), upstream (Issue in the dependency awaiting resolve)

nicokempe commented Jan 16, 2024

Hello,

I've identified an issue in the nuxt-security package (version 1.0.0) related to its dependencies, specifically concerning an indirect dependency on a deprecated package.

Environment

  • Operating System: Windows_NT
  • Node Version: v20.8.1
  • Nuxt Version: 3.9.1
  • CLI Version: 3.10.0
  • Nitro Version: 2.8.1
  • Package Manager: pnpm@8.14.1
  • User Config: preset, experimental, devtools, modules, serverMiddleware, nitro, i18n, cloudflareAnalytics, turnstile, css, postcss, mongoose, app, runtimeConfig, routeRules, image, security, content, typescript
  • Runtime Modules: @nuxt/image@1.2.0, @nuxt/devtools@1.0.8, @nuxt/content@2.10.0, @nuxtjs/i18n@8.0.0, @nuxtjs/turnstile@0.6.3, @nuxtjs/tailwindcss@6.10.4, nuxt-security@1.0.0, nuxt-headlessui@1.1.5, nuxt-cloudflare-analytics@1.0.8

Issue Description

nuxt-security indirectly depends on the deprecated package sourcemap-codec@1.4.8. This was uncovered using pnpm why sourcemap-codec, which traces the dependency through nuxt-security -> unplugin-remove -> magic-string -> sourcemap-codec.

The use of deprecated dependencies could potentially lead to compatibility or security issues in the future, which is a significant concern for the reliability and security of our project.

Expected Behavior

Dependencies within nuxt-security should be up-to-date to ensure compatibility and security.

Steps to Reproduce

  1. Use nuxt-security version 1.0.0 in a Nuxt 3 project.
  2. Run pnpm why sourcemap-codec to observe the dependency chain.

Could you please provide information on whether there is a plan to address this issue in a future update of nuxt-security?

Thank you for your assistance and the work you do maintaining this package. ❤️
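
The dependency trace described in the issue above, as an added example that is not part of the original thread or of nuxt-security's own code: it walks a resolved dependency tree and reports every path that ends at a named package, plus the direct dependency each path starts from. The tree shape is assumed to match `pnpm list --json --depth Infinity`; the project name `my-nuxt-app` and the `0.0.0-example` versions are constructed placeholders.

```javascript
// Constructed sample data (not real pnpm output). Versions marked
// "0.0.0-example" are placeholders; the issue does not state them.
const sampleTree = [{
  name: "my-nuxt-app", // hypothetical project name
  dependencies: {
    nuxt: { version: "3.9.1" },
    "nuxt-security": { version: "1.0.0", dependencies: {
      "unplugin-remove": { version: "0.0.0-example", dependencies: {
        "magic-string": { version: "0.0.0-example", dependencies: {
          "sourcemap-codec": { version: "1.4.8" },
        } },
      } },
    } },
  },
}];

// Depth-first walk over the tree. Returns an array of paths, where each
// path is an array of "name@version" strings ending at the target package.
function findPaths(projects, target) {
  const results = [];
  const walk = (deps, trail) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const id = `${name}@${info.version}`;
      const here = [...trail, id];
      if (name === target) {
        results.push(here);
      } else if (!trail.includes(id)) {
        // Skip a package already on the current trail to avoid cycles.
        walk(info.dependencies, here);
      }
    }
  };
  for (const project of projects) {
    for (const field of ["dependencies", "devDependencies", "optionalDependencies"]) {
      walk(project[field], []);
    }
  }
  return results;
}

// The head of each path is the direct dependency where an update or an
// override has to be applied in the consuming project.
function directCulprits(projects, target) {
  return [...new Set(findPaths(projects, target).map((p) => p[0]))];
}

console.log(findPaths(sampleTree, "sourcemap-codec").map((p) => p.join(" -> ")));
```

A non-empty result from `findPaths` can be used to fail a CI job when a package on a deny list reappears in the tree.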

nicokempe added the bug (Something isn't working) label Jan 16, 2024
@Baroshem
Owner

Hey Buddy,

Thanks for doing research on the packages.

I will take a look at it in the upcoming days :)

@Baroshem
Owner

I have created an upstream issue in the unplugin-remove package as it should be fixed there.

I will provide the package author all the help needed to resolve it.

Will keep you posted :)

Baroshem added the upstream (Issue in the dependency awaiting resolve) and dependencies (Pull requests that update a dependency file) labels Jan 17, 2024
@nicokempe
Author

Thank you very much!

Baroshem linked a pull request Jan 19, 2024 that will close this issue
Baroshem added this to the 1.1.0 milestone Jan 19, 2024