We certainly could try to upgrade webpack to the latest version, but eslint is another issue, it depends on wordwrap too, see more from this issue [1].
Thanks, -Ian. 1. https://github.com/eslint/eslint/issues/11536 On Wed, Mar 27, 2019 at 12:06 AM Huxing Zhang <hux...@apache.org> wrote: > Hi, > > Feedback from webpack community suggest to upgrade to 4.0, which no > longer depend on wordwrap. > For the eslint dependency I think a work around should remove it > temporally and add it back once the issue has been fixed. > > How do you think? > > On Thu, Mar 21, 2019 at 7:23 PM Ian Luo <ian....@gmail.com> wrote: > > > > I also reported the issue in eslint [1] community and in webpack [2] > > community. Considering these two tools are widely adopted for javascript > > development, they may take this seriously. But from our side, I guess > > there's nothing more we could do for now but wait for the responses from > > them and what legal team says. > > > > Regards, > > -Ian. > > > > 1. https://github.com/eslint/eslint/issues/11536 > > 2. https://github.com/webpack/webpack/issues/8936 > > > > > > On Thu, Mar 21, 2019 at 5:55 PM Huxing Zhang <hux...@apache.org> wrote: > > > > > Hi, > > > > > > On Thu, Mar 21, 2019 at 4:34 PM Huxing Zhang <hux...@apache.org> > wrote: > > > > > > > > Hi, > > > > > > > > > > > > On Thu, Mar 21, 2019 at 3:55 PM Justin Mclean < > jus...@classsoftware.com> > > > wrote: > > > > > > > > > > Hi, > > > > > > > > > > This is probably against copyright law, and IMO just because others > > > ignore it doesn’t mean we should. > > > > > > > > > > There probably a couple of courses of action: > > > > > - Ask the maintainer of that npm module to replace that file with > > > something that's permissible to use. > > > > > > I filed an issue here: > > > https://github.com/substack/node-wordwrap/issues/21, given that the > > > commit ceased since 2015, I don't think there will be a quick reply. > > > > > > > > - Ask on legal discuss for advice, they may have a better idea > than me > > > on what to do in this situation. > > > > > > I wrote a email to legal discuss, let's see how they will reply. > > > > > > > > > > > How about removing the file as soon as the npm install is finished? > > > > > > > > > > > > > > And lastly my -1 is not a veto, you only need 3 +1 and more +1s > than > > > -1s to release, but I would consider making a release carefully. > > > > > > > > > > Thanks, > > > > > Justin > > > > > > > > > > > > > > > > -- > > > > Best Regards! > > > > Huxing > > > > > > > > > > > > -- > > > Best Regards! > > > Huxing > > > > > > > -- > Best Regards! > Huxing >