Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update the dependency http-errors to v2 #19

Open
jaydenseric opened this issue Aug 23, 2024 · 2 comments
Open

Update the dependency http-errors to v2 #19

jaydenseric opened this issue Aug 23, 2024 · 2 comments

Comments

@jaydenseric
Copy link

The dependency http-errors is a major version out of date:

http-assert/package.json

Line 13 in b072a1b

"http-errors": "~1.8.0"

This is causing problems with multiple versions of HTTP errors floating around codebases, where some are not instanceof each version's HTTP error class.
@jaydenseric
Copy link
Author

It's also an anti-pattern to use ~ instead of ^ for the version range.

@steve-o
Copy link

steve-o commented Sep 17, 2024

Also, http-errors 2.0.0 bumps dependency for legacy depd 1.1.2 which raises security warnings due to eval:

 (!) Use of eval is strongly discouraged
 https://rollupjs.org/troubleshooting/#avoiding-eval
 ../../node_modules/.pnpm/[email protected]/node_modules/depd/index.js
 408:
 409:    // eslint-disable-next-line no-eval
 410:   var deprecatedfn = eval('(function (' + args + ') {\n' +
                           ^
 411:     '"use strict"\n' +
 412:     'log.call(deprecate, message, site)\n' +

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@steve-o @jaydenseric