notp icon indicating copy to clipboard operation
notp copied to clipboard
verified publisher icon guyht

Update dependencies. Update buffer usage.

Open Hexagon opened this issue 4 years ago • 7 comments

  • NPM throws evil warnings when trying to install this, due to extremely old version of mocha (affects only dev/test)
11 vulnerabilities (1 moderate, 6 high, 4 critical)
  • Node outputs warnings at runtime, due to deprecated usage of new Buffer() (affects production)
(node:8560) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
(Use `node --trace-deprecation ...` to show where the warning was created)

Both this issues are addressed in this pull request. Please review and accept to keep the package up to date.

Hexagon avatar Dec 18 '21 20:12 Hexagon

Bump @guyht

Hexagon avatar Mar 19 '22 11:03 Hexagon

@Hexagon i will take a look at this next week - there are a number of changes here so may take me a bit of time to go through them all.

guyht avatar Mar 19 '22 16:03 guyht

Great 👍

Hexagon avatar Mar 19 '22 19:03 Hexagon

@guyht any news?

NachtRitter avatar Apr 27 '22 23:04 NachtRitter

@NachtRitter I have been reviewing this slowly, the warnings do not appear to be critical, and there are a number of changes in this pull request that are doing more than just updating dependencies.

It would be easier if this issue was just dealing with the buffer usage, and other changes were put in a separate pull request.

guyht avatar May 05 '22 04:05 guyht

@guyht If you want help releasing a new updated major version of this library - add me as a collaborator on both this repo and the npm package.

I can fix both esm+cjs dual mode, deno and bun support, and more tests :+1:

Hexagon avatar Jul 06 '23 13:07 Hexagon