chore(package): update mime v1.3.6...2.0.0
#87
Conversation
michael-ciniawsky
changed the title
mime package to avoid deprecation mime type with woff and woff2mime v1.3.6...2.0.0
|
+1 thanks for updating! |
|
@michael-ciniawsky why |
|
Just FYI in case you're unaware - NSP published a security vulnerability in the mime package used by this project. According to npm, this package gets 178,618 downloads a day. I'm sure many people can benefit from some expediency in merging this PR. |
|
@evilebottnawi Requires |
|
Publish as a Major & drop NodeJS 4.x support? Taking this up with Tobias as this may be what needs to happen. Realistically, Node 4.x is EOL in April? of next year so we would be jumping the gun a bit but it's not that far off. For those that are still on 4.x ( shouldn't be ) will have to use the existing version to retain 4.x support. It's a dev dep in 98% of the cases so the DDOS risk is minimal |
|
@d3viant0ne |
|
Or that ^^ |
|
You will have to excuse me, i'm all for prodding people to use up to date Node versions when & wherever possible. @evilebottnawi - Go with @michael-ciniawsky's suggestion and stick with the 1.4 version that has the DDOS fix. |
alexander-akait
force-pushed
the
update-mime
branch
from
c81cd15
to
0190498
Compare
|
@michael-ciniawsky @d3viant0ne done |
| @@ -9,7 +9,7 @@ | |||
| }, | |||
| "dependencies": { | |||
| "loader-utils": "^1.0.2", | |||
| "mime": "^1.3.6", | |||
| "mime": ">=1.4.1", | |||
What kind of change does this PR introduce?
Chore
Did you add tests for your changes?
not required
If relevant, did you update the README?
not required
Summary
Ref: broofa/mime#168
Does this PR introduce a breaking change?
no
Other information
not required