Change prismjs to carat range? #33
Comments
|
Hi Karl! 👋 We have Prism as a dep for its core. Basically hidden internals. Loosening the range will cause stuff to break. I find preventing everything from exploding more important than older dependencies. Refractor also has a track record of updating fast after Prism updates, and if you use refractor itself with a loose range, you’ll also get Prism updates. The security vulnerability did not affect anyone using refractor, as we don’t support plugins. If there is an issue, it’s with Dependabot falsely claiming there was one 🤷♂️ |
|
Ok, understandable. Thanks for the answer :) |
|
No problem, thanks for understanding! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi @wooorm !
Maybe going forward, you would consider changing to a carat version range for
prismjs?It would help a lot for projects stuck with older dependencies which have
refractoras a transitive dep (especially when things like security vulnerabilities withprismjshappen).Anyway, thanks for the consideration!
The text was updated successfully, but these errors were encountered: