gchq/CyberChef

Packages which can't be updated easily

Open

#2214 opened on Mar 1, 2026

View on GitHub
 (0 comments) (1 reaction) (0 assignees)JavaScript (34,843 stars) (3,944 forks)batch import
help wantedinfra/meta

Description

This issue is for tracking those packages where a simple update is not possible, and the reason why.

The intent is simply to avoid wasting effort on retrying the non-trivial updates when doing a general dependencies cleanup.

PRs to address the "requires code change" cases are most welcome.

Please also add a comment if further cases are found.

Package Version Limit Reason
@xmldom/xmldom < 0.9.0 requires code change
bcryptjs < 3.0.0 requires code change
bootstrap < 5.0.0 requires code change
bson < 5.0.0 requires code change and tests fail with the most obvious/trivial changes
cbor < 10.0.0 requires newer node version
compression-webpack-plugin <12.0.0 requires node >= 20.9.0
copy-webpack-plugin <14.0.0 requires node: >= 20.9.0
cspell < 9.0.0 requires newer node version
eslint < 10.0.0 requires newer node version
eslint-plugin-jsdoc < 51.0.0 requires newer node version
fernet < 0.4.0 0.3.3 is actually a later release than 0.4.0
geodesy < 2.0.0 can't load js modules into an mjs file
jimp < 1.6.1 1.6.1 is a faulty release (see https://github.com/jimp-dev/jimp/issues/1402) and breaks everything! (hopefully any subsequent release will fix this)
jq-web < 0.6.0 fails when fetching wasm file (#2209)
otpauth < 9.4.0 requires newer node version
sitemap < 9.0.0 no longer provides default export - requires code change
uuid < 14.0.0 requires node >= 19 (expects crypto to be built in)
webpack-dev-server < 5.1.0 requires newer node version

Contributor guide

Tech stack
javascriptnodejs
Domain
frontendtooling
Issue type
documentation
DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.
1
Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.
under 1 hour
Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.
fresh
ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.
clear
Prerequisites
None
Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.
80
Research direction
This issue tracks packages that cannot be updated easily in CyberChef. It serves as a reference for contributors to avoid reattempting non trivial updates. PRs addressing the 'requires code change' cases are welcome. The list includes version limits and reasons for each package.