No published version of babel-plugin-fbt since 0.13.0-beta

[lucasgonze]

🐛 Bug Report

Older versions of babel-plugin-fbt have a dependency on a package called "mem" which has a vulnerability. The latest versions of babel-plugin-fbt do not have that dependency or vulnerability. However, there is no published version free of it.

As a result Magma is stuck with the old version of mem:

Magma nms 0.1.0 >
babel-plugin-fbt 0.10.4 > 
yargs 9.0.1 > 
mem 1.1.0 

To Reproduce

Steps to reproduce the behavior:

• pick any version of babel-plugin-fbt since 0.13.0-beta. There are tagged releases up to 0.21.0-rc6-beta
• install the version, e.g. yarn install babel-plugin-fbt@0.21.0
• yarn can't find it

Expected behavior

An install

Link to repo (highly encouraged) or paste

warning babel-plugin-fbt@0.21.0: This prerelease version is deprecated
Couldn't find any versions for "fb-babel-plugin-utils" that matches "^0.13.0"
? Please choose a version of "fb-babel-plugin-utils" from this list: (Use arrow keys)
❯ 0.13.0-beta 
  0.12.0 
  0.11.0 
  0.11.0-beta 

envinfo

    OS: macOS 12.0.1
    CPU: (4) x64 Intel(R) Core(TM) i5-5350U CPU @ 1.80GHz
    Memory: 174.49 MB / 8.00 GB
    Shell: 5.8 - /bin/zsh
  Binaries:
    Node: 12.19.0 - ~/.nvm/versions/node/v12.19.0/bin/node
    Yarn: 1.22.17 - /usr/local/bin/yarn
    npm: 6.14.8 - ~/.nvm/versions/node/v12.19.0/bin/npm

[lucasgonze]

The main question is why babel-plugin-fbt has been beta since 0.13.0, even though it is now at version 0.21.0.

[pkqinys]

Hi @lucasgonze

The main question is why babel-plugin-fbt has been beta since 0.13.0, even though it is now at version 0.21.0.

The latest non-beta babel-plugin-fbt is babel-plugin-fbt@0.20.3. I think you confused fb-babel-plugin-utils with babel-plugin-fbt.

install the version, e.g. yarn install babel-plugin-fbt@0.21.0

Version 0.21.0 is still in beta mode. babel-plugin-fbt@0.21.0 has been released by mistakes and it was therefore deprecated. Please use the latest public release which is babel-plugin-fbt@0.20.3