-
-
Notifications
You must be signed in to change notification settings - Fork 395
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Yo should use esm #787
Comments
This was referenced May 27, 2023
Is there any progress towards fixinv the vulnerable dependencies? Trying to install yo at the moment fires a ton of vulnerability warnings. In this state yo is unusable for our purposes. |
yeoman-generator, yeoman-environment and yeoman-test are ESM now. Help is wanted to migrate |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Type of issue
Bug Report
My environment
macOS Monterey 12.6.7
v20.2.0
(runnode --version
in your terminal)9.6.6
(runnpm --version
in your terminal)4.3.1
(runyo --version
in your terminal)Expected behavior
yo has no vulnerable dependancies.
Current behavior
The following are vulnerable package versions from yo and its dependancies, yeoman/doctor and yeoman/insight:
However these packages are now all pure esm.
To allow for these dependancies to be updated, and thus for the vulnerabilities to be fixed, yo, yoeman/doctor, and yeoman/insight should switch to esm as well.
This has additionally caused problems with insight as
os-name >= v5.0.0
is also pure esm, which resulted in insight being removed.This has been an ongoing issue for the project. Related issues I've found include (17 total):
yo
depends on deprecatedmodule.parent
, should updatemeow
#786got
overrequest
. insight#52Each of these require this being implemented to be properly fixed.
Other yeoman packages have already made the switch to esm, including update-notifier, stringily-object, and configstore, with environment and generator soon to follow.
Steps to reproduce the behavior
Command line output
Output
The text was updated successfully, but these errors were encountered: