Skip to content

bumped sirv to 3.0.2 to fix security alert#673

Closed
Billson7 wants to merge 1 commit intowebpack:masterfrom
Billson7:sirv-security-patch
Closed

bumped sirv to 3.0.2 to fix security alert#673
Billson7 wants to merge 1 commit intowebpack:masterfrom
Billson7:sirv-security-patch

Conversation

@Billson7
Copy link
Copy Markdown

@linux-foundation-easycla
Copy link
Copy Markdown

CLA Not Signed

@evenstensberg
Copy link
Copy Markdown
Member

Could you sign the CLA?

@stof
Copy link
Copy Markdown

stof commented Oct 22, 2025

sirv 3.x requires node 18+, while webpack-bundle-analyzer supports node 16+ right now. So this requires dropping support for Node 16 first

@gidich
Copy link
Copy Markdown

gidich commented Nov 6, 2025

sirv 3.x requires node 18+, while webpack-bundle-analyzer supports node 16+ right now. So this requires dropping support for Node 16 first

Any reason to continue to support Node 16 anymore?

Node 16 is no longer supported (reached EOL in 2023)

@alexander-akait
Copy link
Copy Markdown
Member

No reasons, we can drop it

@gidich
Copy link
Copy Markdown

gidich commented Nov 6, 2025

@Billson7 - need your signature (please)

@valscion
Copy link
Copy Markdown
Member

valscion commented Nov 7, 2025

Node.js version less than 20 dropped #676

@valscion valscion deleted the branch webpack:master November 7, 2025 08:32
@valscion valscion closed this Nov 7, 2025
@gidich
Copy link
Copy Markdown

gidich commented Nov 7, 2025

@valscion - still need to bump sirv version - would you like another PR for that?

https://security.snyk.io/vuln/SNYK-JS-SIRV-12558119

@valscion
Copy link
Copy Markdown
Member

valscion commented Nov 7, 2025

Ah sorry I just deleted obsolete master branch, didn't think it would close this PR. Feel free to open a new PR

@AbhaysinghBhosale
Copy link
Copy Markdown

@Billson7 can you plz reopen this PR OR create new one as node 16 support is dropped

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

7 participants