ps, just noticed that the pull request [1] has been merged.
1. https://github.com/substack/node-wordwrap/pull/22 On Wed, Mar 27, 2019 at 10:22 AM Ian Luo <[email protected]> wrote: > We certainly could try to upgrade webpack to the latest version, but > eslint is another issue, it depends on wordwrap too, see more from this > issue [1]. > > Thanks, > -Ian. > > 1. https://github.com/eslint/eslint/issues/11536 > > On Wed, Mar 27, 2019 at 12:06 AM Huxing Zhang <[email protected]> wrote: > >> Hi, >> >> Feedback from webpack community suggest to upgrade to 4.0, which no >> longer depend on wordwrap. >> For the eslint dependency I think a work around should remove it >> temporally and add it back once the issue has been fixed. >> >> How do you think? >> >> On Thu, Mar 21, 2019 at 7:23 PM Ian Luo <[email protected]> wrote: >> > >> > I also reported the issue in eslint [1] community and in webpack [2] >> > community. Considering these two tools are widely adopted for javascript >> > development, they may take this seriously. But from our side, I guess >> > there's nothing more we could do for now but wait for the responses from >> > them and what legal team says. >> > >> > Regards, >> > -Ian. >> > >> > 1. https://github.com/eslint/eslint/issues/11536 >> > 2. https://github.com/webpack/webpack/issues/8936 >> > >> > >> > On Thu, Mar 21, 2019 at 5:55 PM Huxing Zhang <[email protected]> wrote: >> > >> > > Hi, >> > > >> > > On Thu, Mar 21, 2019 at 4:34 PM Huxing Zhang <[email protected]> >> wrote: >> > > > >> > > > Hi, >> > > > >> > > > >> > > > On Thu, Mar 21, 2019 at 3:55 PM Justin Mclean < >> [email protected]> >> > > wrote: >> > > > > >> > > > > Hi, >> > > > > >> > > > > This is probably against copyright law, and IMO just because >> others >> > > ignore it doesn’t mean we should. >> > > > > >> > > > > There probably a couple of courses of action: >> > > > > - Ask the maintainer of that npm module to replace that file with >> > > something that's permissible to use. >> > > >> > > I filed an issue here: >> > > https://github.com/substack/node-wordwrap/issues/21, given that the >> > > commit ceased since 2015, I don't think there will be a quick reply. >> > > >> > > > > - Ask on legal discuss for advice, they may have a better idea >> than me >> > > on what to do in this situation. >> > > >> > > I wrote a email to legal discuss, let's see how they will reply. >> > > >> > > > >> > > > How about removing the file as soon as the npm install is finished? >> > > > >> > > > > >> > > > > And lastly my -1 is not a veto, you only need 3 +1 and more +1s >> than >> > > -1s to release, but I would consider making a release carefully. >> > > > > >> > > > > Thanks, >> > > > > Justin >> > > > >> > > > >> > > > >> > > > -- >> > > > Best Regards! >> > > > Huxing >> > > >> > > >> > > >> > > -- >> > > Best Regards! >> > > Huxing >> > > >> >> >> >> -- >> Best Regards! >> Huxing >> >
