Update dependencies #22
Conversation
|
Thanks for the update. Besides a test I also did a quick check of the code changes in bs and minimist and didn't see anything out of the ordinary. Will also check and bump the other dependencies. Will also update the tarballs and move them to npm packages since there are some issues with the tarballs. |
|
@jegli I just published a release candidate with scoped npm packages instead of tarballs for the customized modules and updated dependencies. Maybe you could give it a try and let me know how it works for you? Please use npm install aemfed@next to install the latest release candidate (or npm install aemfed@0.1.2-rc.0 when you want to be explicit). |
|
@abmaonline Thank you very much! 馃憤 I just testet with your release candidate aemfed@0.1.2-rc.0 and everything works just like before. |
Hi @abmaonline
Thanks for maintaining aemfed. I would love to see some dependencies updated. I did so in a forked repository.
Since there are no tests, I ran the build and used the aemfed.js directly from bin (which uses the updated index.js in lib) within our project that uses AEM 6.5, everything works just like before. 馃憤
Feel free to test yourself and merge.
This MR fixes 148 of 157 vulnerabilities in 723 scanned packages.
There are still 2 vulnerabilities of level high. One coming from http-proxy within browser-sync (we should update browser-sync as soon as this issue is resolved). The other is coming from an old lodash version within aemsync (your aemsync tarball dependency uses an old version of archiver, which uses loadsh). If you have a moment to update that as well and release a new version of aemfed that would be amazing.
Thanks a lot for your work, much appreciated. Let me know if I can help with anything.
Cheers J枚rg