Hi!
When building the current version of async (3.2.6) from source, I get several warnings about security issues in outdated packages. One potential way of addressing this is to use babel 7.x and @rollup/plugin-node-resolve instead. I have changed what is needed to get it to build on Debian (which no longer has some of the Node.js packages listed in package.json), and the diff is below. I'm not submitting it as a PR yet, as it will certainly also need changes to the package.json file and possibly elsewhere, but I could do so if you wished.
I also (locally) modified the test directory to allow for testing of the dist/async.js module (rather than the lib/* source files), and all the tests passed except for should error when re-assigning event methods in test/queue.js. I don't know if that is as a result of the changes below or an unrelated problem.
--- a/support/build/compile-module.js
+++ b/support/build/compile-module.js
@@ -2,9 +2,7 @@
const yargs = require('yargs');
const fs = require('fs');
-const {transformFile} = require('babel-core');
-const pluginCJS = require('babel-plugin-transform-es2015-modules-commonjs');
-const pluginModuleExports = require('babel-plugin-add-module-exports');
+const {transformFile} = require('@babel/core');
compileModule(yargs.argv, (err) => {
if (err) throw err;
@@ -13,8 +11,8 @@
function compileModule(options, callback) {
const {file, output} = options;
const plugins = [
- pluginModuleExports,
- pluginCJS
+ "babel-plugin-add-module-exports",
+ "@babel/plugin-transform-modules-commonjs"
];
transformFile(file, {
--- a/support/build/aggregate-bundle.js
+++ b/support/build/aggregate-bundle.js
@@ -1,5 +1,5 @@
const {rollup} = require('rollup');
-const nodeResolve = require('rollup-plugin-node-resolve');
+const nodeResolve = require('@rollup/plugin-node-resolve');
rollup({
input: 'build-es/index.js',
--- a/support/build/aggregate-module.js
+++ b/support/build/aggregate-module.js
@@ -1,5 +1,5 @@
const {rollup} = require('rollup');
-const nodeResolve = require('rollup-plugin-node-resolve');
+const nodeResolve = require('@rollup/plugin-node-resolve');
rollup({
input: 'build-es/index.js',
--- a/.babelrc
+++ b/.babelrc
@@ -1,7 +1,7 @@
{
"plugins": [
- "transform-es2015-modules-commonjs",
- "syntax-async-generators"
+ "@babel/plugin-transform-modules-commonjs",
+ "@babel/plugin-syntax-async-generators"
],
"env": {
"test": {
Hi!
When building the current version of async (3.2.6) from source, I get several warnings about security issues in outdated packages. One potential way of addressing this is to use babel 7.x and
@rollup/plugin-node-resolveinstead. I have changed what is needed to get it to build on Debian (which no longer has some of the Node.js packages listed inpackage.json), and the diff is below. I'm not submitting it as a PR yet, as it will certainly also need changes to thepackage.jsonfile and possibly elsewhere, but I could do so if you wished.I also (locally) modified the test directory to allow for testing of the
dist/async.jsmodule (rather than thelib/*source files), and all the tests passed except forshould error when re-assigning event methodsintest/queue.js. I don't know if that is as a result of the changes below or an unrelated problem.