[x3d-public] X3DJSONLD NPM dependencies have vulnerabilities? Not right now!
John Carlson
yottzumm at gmail.com
Fri Jul 23 19:32:30 PDT 2021
Apparently:
var java = require("java");
In 4 files:
allsaxon.js:var java = require("java");
foo.js:var java = require("java");
NodeSerializer.js: str += "var java = require('java');\n";
X3Dautoclass.js:var java = require('java');
Will not work. I am not sure if this is an ES6 thing or not. Will look
for issues.
This brings X3DJSONLD.js down, conversions down, etc. etc.
Please don't upgrade until I figure out what's wrong with this npm-java
module.
John
On 7/23/21 7:22 PM, John Carlson wrote:
> X3DJSONLD upgraded dependency npm-java to version 0.12.2, got rid of
> vulnerabilities
>
> $ npm install
>
> up to date, audited 109 packages in 738ms
>
> 4 packages are looking for funding
> run `npm fund` for details
>
> found 0 vulnerabilities
>
> up to date, audited 109 packages in 58s
>
> 4 packages are looking for funding
> run `npm fund` for details
>
> found 0 vulnerabilities
>
> =====================================
>
> You may wish to help various projects seeking funding that X3DJSONLD
> uses:
>
> coderextreme at coderextreme-Kubuntu20:~/X3DJSONLD$ npm fund
> X3DJSONLD at 9.0.0
> ├── https://github.com/sponsors/epoberezkin
> │ └── ajv at 6.12.6
> ├── https://github.com/sponsors/isaacs
> │ └── glob at 7.1.6
> └── https://github.com/sponsors/RubenVerborgh
> └── follow-redirects at 1.14.1
>
More information about the x3d-public
mailing list