Hi team,
I’m using @emotion/react@11.14.0 in an enterprise project, and our security scan flagged
the deprecated transitive dependencies. These are not direct dependencies in our code, but they are introduced indirectly through @emotion/react
Package version:
@emotion/react – 11.14.0
Dependency chain example from our environment:
└─┬ @emotion/react@11.14.0
└─┬ @emotion/babel-plugin@11.13.5
└─┬ babel-plugin-macros@3.1.0
└─┬ cosmiconfig@7.1.0
└── @types/parse-json@4.0.29(DEPRECATED)
Although these packages do not have any known vulnerabilities, we are reaching out because they are deprecated and still included as transitive dependencies.
Request:
Is there any plan or roadmap to update or replace these outdated transitive dependencies, or Modernize the dependency chain in future releases?
Even a small update or guidance would help us.
Thank you!
Hi team,
I’m using @emotion/react@11.14.0 in an enterprise project, and our security scan flagged
the deprecated transitive dependencies. These are not direct dependencies in our code, but they are introduced indirectly through @emotion/react
Package version:
@emotion/react – 11.14.0
Dependency chain example from our environment:
└─┬ @emotion/react@11.14.0
└─┬ @emotion/babel-plugin@11.13.5
└─┬ babel-plugin-macros@3.1.0
└─┬ cosmiconfig@7.1.0
└── @types/parse-json@4.0.29(DEPRECATED)
Although these packages do not have any known vulnerabilities, we are reaching out because they are deprecated and still included as transitive dependencies.
Request:
Is there any plan or roadmap to update or replace these outdated transitive dependencies, or Modernize the dependency chain in future releases?
Even a small update or guidance would help us.
Thank you!