privatenumber/tsx

Support esbuild@0.22

sxzz opened this issue · 7 comments

sxzz commented

Acknowledgements

  • I read the documentation and searched existing issues to avoid duplicates
  • I understand this is a bug tracker and anything other than a proven bug will be closed
  • I understand this is a free project and relies on community contributions
  • I read and understood the Contribution guide

Minimal reproduction URL

N/A

Problem & expected behavior (under 200 words)

esbuild v0.22 has been released with some breaking changes.

The new version no longer supports Windows 7/8. Should we upgrade now and release a major version?

Bugs are expected to be fixed by those affected by it

  • I'm interested in working on this issue

Compensating engineering work will speed up resolution and support the project

  • I'm willing to offer $10 for financial support

Is there a particular motivation? (e.g. a feature or fix you want from the release?)

sxzz commented

There doesn't seem to be any benefit for tsx, but for the codebase, it means one less version of dependency to install 😜

the old esbuild version also has a critical go vuln: see this issue evanw/esbuild#3802.

The response from the maintainer in that thread explains how that vulnerability report is a false alarm for esbuild.

(Am I missing something?)

Yes agreed it doesn't actually impact production applications but would be nice to not have to explicitly whitelist the vuln(since its critical) as it shows up on a lot of scanners.

This seems off topic now as it's a false problem coming from your scanner.

Please file an issue with your scanner instead. They should not be blindly flagging projects without auditing the scope of impact.

Hiding these comments as they're not practical motivations for upgrading.

This issue is now resolved in v4.17.0.

If you're able to, your sponsorship would be very much appreciated.